400,000 Individuals Affected by Email Breach at West Virginia Healthcare Company

Monongalia Health System (Mon Health) this week disclosed a business email compromise (BEC) incident that was the result of unauthorized access to its email system.

Mon Health says it became aware of the intrusion on July 28, when a vendor notified it of a payment that had not come through. An investigation launched into the matter revealed that adversaries likely had unauthorized access to the email system between May 10 and August 15, 2021.

As part of the incident, cybercriminals compromised a Mon Health contractor’s email account and used it to send messages in an attempt to obtain funds through fraudulent wire transfers.

The investigation also revealed that the miscreants managed to compromise other email accounts as well, but Mon Health believes that the purpose of the attack was BEC fraud.

Regardless, during the breach, the attacker likely had access to emails and attachments containing employee, contractor and provider information, as well as patient data, and the organization is currently in the process of notifying the affected individuals.

Potentially compromised data includes names, birth dates, addresses, patient account numbers, Medicare Health Insurance Claim Numbers, medical record numbers, health insurance plan member ID numbers, claims and treatment information, provider names, and dates of service.

The organization informed the U.S. Department of Health and Human Services this week that over 398,000 people might have been affected in the incident.

Mon Health also notes that it has since secured the affected email accounts and reset their passwords, and says that its electronic health records systems were not compromised during the incident. No other affiliated healthcare facilities or hospitals were compromised and their services and operations, as well as those of Mon Health, were not disrupted.

The organization encourages affected patients to review statements received from healthcare providers, to ensure they are not charged for services they did not receive.

“To help prevent something like this from happening again, Mon Health is continuing to review and enhance its existing security protocols and practices, including the implementation of multi-factor authentication for remote access to its email system,” the organization said.

Located in North Central West Virginia, Mon Health operates a network of hospitals, outpatient centers, and integrated physician clinics, including affiliated hospitals Monongalia County General Hospital Company and Stonewall Jackson Memorial Hospital Company.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
