Monongalia Health System, Inc., a health system for three hospitals based in West Virginia, USA, has been hit by a business email compromise (BEC) scam. The health system provider was unaware that their cybersecurity defences had been infiltrated. They were alerted by a vendor who had reported not receiving payment in July 2021. Since alerted Monongalia Health System has launched an investigation into the incident which discovered that several of the organisation’s employees’ email accounts had been compromised by threat actors between May and August 2021. By compromising the emails the threat actors gained unauthorized access to employees emails and attachments.