HC3 Warns Of Mailchimp’s Data Breach To Healthcare Providers


The Health Sector Cybersecurity Coordination Center (HC3) has discovered a data breach affecting a reputable email marketing platform, which has been used to send phishing emails.

While the unlawful access was used to target users in the cryptocurrency and financial sectors, it’s feasible that the unauthorized access may be used to target users in the Healthcare and Public Health (HPH) sector as well.

These businesses should be aware of the threat and take the necessary precautions.

What Happened?

Mailchimp, an email marketing platform company, revealed a compromise affecting one of its internal technologies used by its customer service and account management staff on April 4, 2022.

Although Mailchimp disabled the compromised employee accounts upon the breach’s discovery, threat actors were still able to see about 300 Mailchimp user accounts and gain audience data from 102 of them, according to the company’s CISO.

Additionally, threat actors gained access to an unspecified number of customers’ API keys, which enabled attackers to develop custom email campaigns, such as phishing campaigns, and send them to mailing lists without logging into the Mailchimp client interface.

While HC3 is currently aware of only one phishing campaign that exploited this unauthorized access to send phony data breach notification emails to users in the cryptocurrency and finance sectors (which was reportedly carried out with exceptional sophistication and planning), the Healthcare and Public Health (HPH) sector should remain vigilant for suspicious emails originating from legitimate email marketing platforms such as Mailchimp.

It’s critical to remember that APT groups have previously used legitimate mass mailing providers to launch malicious email campaigns against a diverse range of businesses and industry verticals.


Preventing Social Engineering Attacks

There are a variety of ways you can prevent social engineering attacks, whether in the office, working remotely, or surfing the web at home, including:

  • User awareness training continues to be one of the most effective defenses against phishing attempts, which are a type of social engineering, particularly in this campaign, which used emails from a reputable source.
  • Additional mitigation measures include the implementation of antivirus and network intrusion prevention systems, as well as the restriction of web-based information that is not required for business operations.
  • A vulnerability management system that keeps workstations continually patched is vital, as it can help to mitigate any vulnerabilities that an attacker would use to gain a foothold in your network.
  • Anti-spoofing and email authentication technologies can also be used to filter communications based on the sender domain’s authenticity (through SPF) and the message’s integrity (using DKIM). Enabling these processes within an organization (through policies such as DMARC) may enable recipients to undertake comparable message filtering and validation (both intra- and cross-domain).
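
As an added example (not from HC3, Mailchimp, or the original article), the Python sketch below shows the alignment check that DMARC layers on top of SPF and DKIM: a result counts only if it passed and its domain matches the visible From domain. All domains, the `mx.receiver.example` authserv-id, and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Simplification (assumption): organizational domain = last two labels.
    # Production code should consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def auth_results(msg, trusted_authserv):
    """Yield (method, result, domain) from headers stamped by our own mail server."""
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.split()[:1] != [trusted_authserv]:
            continue  # a sender can forge this header; ignore foreign authserv-ids
        for clause in rest.split(";"):
            m = re.match(r"\s*(spf|dkim)=(\w+)", clause)
            prop = re.search(r"(?:smtp\.mailfrom|header\.d)=(\S+)", clause)
            if m and prop:
                yield m.group(1), m.group(2).lower(), prop.group(1).split("@")[-1]

def dmarc_alignment(raw, trusted_authserv="mx.receiver.example"):
    """DMARC-style check: a method counts only if it passed AND aligns with From."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    aligned = sorted({
        method for method, result, domain in auth_results(msg, trusted_authserv)
        if result == "pass" and from_domain and org_domain(domain) == org_domain(from_domain)
    })
    return {"from": from_domain, "aligned": aligned, "verdict": "pass" if aligned else "fail"}

def sample(auth_header, sender="billing@brand.example"):
    # Constructed message for illustration; every domain here is a placeholder.
    return f"Authentication-Results: {auth_header}\nFrom: Billing <{sender}>\nSubject: notice\n\nbody\n"

# Sent through a mailing platform's shared domain: SPF and DKIM pass, neither aligns.
UNALIGNED = sample("mx.receiver.example; spf=pass smtp.mailfrom=bounce.esp.example;"
                   " dkim=pass header.d=esp.example")
# Sender signed with its own domain: DKIM passes and aligns with From.
ALIGNED = sample("mx.receiver.example; spf=pass smtp.mailfrom=bounce.esp.example;"
                 " dkim=pass header.d=mail.brand.example")
# Header stamped under a foreign authserv-id: must be ignored by the receiver.
FORGED = sample("mx.unknown.example; dkim=pass header.d=brand.example")

if __name__ == "__main__":
    for name, raw in [("unaligned", UNALIGNED), ("aligned", ALIGNED), ("forged", FORGED)]:
        print(name, dmarc_alignment(raw))
```

A campaign sent from a compromised but legitimately configured sender account still yields `pass` here, which is why the list above pairs email authentication with user awareness training.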

Article by

Jason Firch, MBA
Jason is a proven marketing leader, veteran IT operations manager, and cybersecurity expert with over a decade of experience. He is the founder and CEO of PurpleSec.