{
	"id": "41609bf8-3041-40af-a93b-32aa42e3a2a7",
	"created_at": "2026-04-06T00:10:03.801436Z",
	"updated_at": "2026-04-10T03:20:05.765658Z",
	"deleted_at": null,
	"sha1_hash": "02a899671f7d6f492ad773589804aab3843053aa",
	"title": "MU Health Care Reports Second Phishing Attack of the Year",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 65922,
	"plain_text": "MU Health Care Reports Second Phishing Attack of the Year\r\nBy Steve Alder\r\nPublished: 2020-09-29 · Archived: 2026-04-05 19:38:39 UTC\r\nPosted By on Sep 29, 2020\r\nUniversity of Missouri Health Care (MU Health Care) has experienced a phishing attack that saw several\r\nemployee email accounts compromised between May 4 and May 6, 2020. An investigation into the breach\r\nrevealed the compromised email accounts contained patient information including names, account numbers, dates\r\nof birth, health insurance information, Social Security numbers, and driver’s license numbers.\r\nMU Health Care has notified all patients affected by the attack and has offered individuals whose Social Security\r\nnumber was potentially compromised complimentary credit monitoring services. No reports have been received\r\nthat suggest any patient information has been misused. Two breach reports have been submitted to the HHS’\r\nOffice for Civil Rights (OCR) about email-related data breaches, one on June 11, 2020, involving the protected\r\nhealth information of 5,074 patients, and another on September 17, 2020, involving the protected health\r\ninformation of 189,736 individuals. MU Health also reported an email breach last year on August 2, 2024,\r\ninvolving the protected health information of 14,402 patients.\r\nData Leaked Following University Hospital SunCrypt Ransomware Attack\r\nUniversity Hospital, a teaching hospital in Newark, NJ, has experienced a ransomware attack involving SunCrypt\r\nransomware. The attack occurred in September 2020. Prior to the use of ransomware, the attackers exfiltrated\r\naround 48,000 documents, some of which were published on the ransomware operator’s data leak site.\r\nIt is unclear at this stage how many patients have been affected by the breach, but the leaked data did include\r\nsome patient data, including names, dates of birth, Social Security numbers, driver’s license numbers, and other\r\ndata.\r\nGet The FREE\r\nHIPAA Compliance Checklist\r\nImmediate Delivery of Checklist Link To Your Email Address\r\nPlease Enter Correct Email Address\r\nhttps://www.hipaajournal.com/mu-health-care-phishing-attack-impacts-5000-patients/\r\nPage 1 of 2\n\nYour Privacy Respected\r\nHIPAA Journal Privacy Policy\r\nThe attack appears to have started with a phishing email that resulted in the TrickBot Trojan being downloaded.\r\nSunCrypt ransomware was delivered as a secondary payload.\r\nUniversity Hospital has confirmed that a ransom of $640,000 was paid to the attackers for the keys to decrypt files\r\nand to prevent 240 GB of data from being published.\r\nPHI of 4,806 Patients Potentially Compromised in UCare Minnesota Phishing\r\nAttack\r\nThe non-profit health plan, UCare Minnesota, has experienced a phishing attack involving several employee email\r\naccounts. An investigation was launched into a suspected breach when suspicious network activity was detected in\r\nApril 2020. On May 4, 2020, UCare Minnesota determined certain email accounts had been accessed by an\r\nunauthorized individual. The email accounts were immediately secured and were subjected to a review to\r\ndetermine whether member information had been accessed.\r\nUCare Minnesota learned on September 1, 2020, that the email accounts contained the personal and protected\r\nhealth information of 4,806 individuals, including names, birth dates, healthcare provider names, diagnosis\r\ninformation, and health insurance ID numbers.\r\nNo evidence was found to suggest any information was exfiltrated or misused by the individuals responsible for\r\nthe attack. UCare Minnesota has since re-educated employees on phishing attacks and has bolstered email\r\nsecurity.\r\nNebraska Medicine Suffers Cyberattack\r\nNebraska Medicine has announced it has suffered a cyberattack that has taken its computer systems out of action.\r\nThe cyberattack occurred on Sunday, September 25, 2020, resulting in an outage that caused “significant\r\ninformation technology system downtime.”\r\nWithout access to critical IT systems, Nebraska Medicine was forced to postpone appointments for patients who\r\nwere due to have elective procedures or had other non-emergent health concerns. Medicine issued a statement on\r\nSeptember 24 stating normal operations would resume “in days”. The emergency room remained open and no ER\r\npatients were diverted to alternate facilities.\r\nIt is unclear whether patient records were accessed or stolen in the attack, but Nebraska Medicine confirmed that\r\nno patient records were deleted or destroyed and that all patient data could be recovered from backups.\r\nSource: https://www.hipaajournal.com/mu-health-care-phishing-attack-impacts-5000-patients/\r\nhttps://www.hipaajournal.com/mu-health-care-phishing-attack-impacts-5000-patients/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.hipaajournal.com/mu-health-care-phishing-attack-impacts-5000-patients/"
	],
	"report_names": [
		"mu-health-care-phishing-attack-impacts-5000-patients"
	],
	"threat_actors": [],
	"ts_created_at": 1775434203,
	"ts_updated_at": 1775791205,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/02a899671f7d6f492ad773589804aab3843053aa.pdf",
		"text": "https://archive.orkl.eu/02a899671f7d6f492ad773589804aab3843053aa.txt",
		"img": "https://archive.orkl.eu/02a899671f7d6f492ad773589804aab3843053aa.jpg"
	}
}