Incident Details
Last year, a substantial amount of grant funds from the Department of Health and Human Services was unlawfully taken by hackers in a sequence of cyber attacks. From late March to mid-November, the attackers managed to infiltrate an HHS system responsible for handling grants to civilians, resulting in the unauthorized withdrawal of approximately $7.5 million designated for distribution to five different accounts. In the latest breach, it was revealed that the hackers infiltrated the email accounts of the grant recipients and employed spear-phishing techniques to deceive US payment personnel into granting access to these accounts.
Incident
How Did the Breach Happen?
Unauthorized individuals infiltrated a system belonging to HHS and used spear-phishing emails to deceive payment administrators in the United States into granting access to the accounts of the grant recipients.
What Data has been Compromised?
Millions of dollars in grant funds that had been allocated for distribution among five recipients.
Why Did HHS's Security Measures Fail?
The security measures failed when unauthorized individuals managed to access the HHS system and deceive employees into granting entry to the accounts of the grantees.
What Immediate Impact Did the Breach Have on HHS?
The breach resulted in an immediate loss of $7.5 million in grant funds allocated for distribution among five accounts.
How Could This Have Been Prevented?
Stronger security measures, such as multi-factor authentication and training employees to identify phishing emails, could have prevented this breach.
What Have We Learned from This Data Breach?
The incident underscores the importance of strong cybersecurity protocols and continuous staff education in preventing unauthorized access to critical systems and information.
Summary of Coverage
Cybercriminals managed to steal $7.5 million in grant funds from the US Department of Health and Human Services by infiltrating an HHS system and deceiving employees into granting access to the accounts of grantees through targeted phishing communications.