P2021-ND-284

Homewood Health Inc.

The Organization was the subject of a cyber-attack which resulted in the exfiltration and publication of client personal information on the data marketplace ?Marketo.? The Organization?s investigation determined that the attack on the network began on or about March 9, 2021, when an unknown device accessed the server(s) and exfiltrated records. It is believed the threat actor obtained credentials via phishing, then used offensive tools (Cobalt Strike) to propagate the attack. The attacker also attempted to deploy additional malware payloads. The Organization first received threatening emails from a threat actor in May 2021. These emails were thought to be innocuous; despite this, the Organization engaged its external cybersecurity team for investigation. On June 11, 2021, the Organization?s external security team obtained a sample of the exfiltrated records, and on June 22, 2021, determined that files contained personal information. Analysis of potentially affected records is ongoing.

File Type: pdf
Categories: 2021
Tags: Unauthorized access