Magellan Health, a company with 5,500 employees, hacked. Cyber security team and F5 BIG-IP firewall could not stop data breach

Ransomware attacks remain a major concern for cloud computing security experts. Magellan Health, an Arizona-based company, has begun notifying an undisclosed number of employees that their personal data was compromised as part of a cyberattack that included data theft and ransomware infection.

On April 11, the Fortune 500-listed company discovered that it had been the victim of a ransomware attack. The hackers reportedly gained access to Magellan Health’s network five days earlier, through a social engineering campaign in which the attackers posed as the company’s customers.

After detecting the attack, Magellan began an investigation in collaboration with external cloud computing security specialists. The investigators determined that before the payload was delivered to the company’s networks, threat actors extracted sensitive information from one of the corporate servers. The stolen data includes personal details of some employees.

Reportedly, the compromised information includes full names, contact details, employee identification numbers, social security numbers, and taxpayer details. Hackers also managed to extract login credentials and passwords from some of the company’s computers.

The incident was reported to the US authorities, including the Federal Bureau of Investigation (FBI), which began working with the company to complete the investigation. The company also implemented stricter security protocols for access to its network and email systems and servers.

For cloud computing security experts, this incident is a further sign of the increase in “double extortion” attacks, in which hackers gain access to a compromised network, extract sensitive information, and then infect the network with ransomware variants. The authorities mention that medical services companies are particularly exposed to these kinds of attacks.

One of the first reports of double extortion occurred at Saint Francis Healthcare Partners, which at the end of 2019 reported a “sophisticated cyber attack” that compromised the information of about 38,000 patients. Apparently, an unidentified threat actor managed to access the information, although the company did not specify the method used by the malicious hacker.
