Hacker breached Minnesota state agency e-mail, placing data of 11,000 at risk
Chris Serres reports:
A data breach last year at the state agency that oversees Minnesota’s health and welfare programs may have exposed the personal information of approximately 11,000 individuals.
The state Department of Human Services (DHS) notified lawmakers Tuesday that an employee’s e-mail account was compromised as a result of a cyberattack on or about March 26, 2018. A hacker unlawfully logged into a state e-mail account of a DHS employee and used it to send two e-mails to one of the employee’s co-workers, asking that co-worker to pay an “invoice” by wiring money.
Read more on Star Tribune.
In their letter to state legislators, the agency highlighted a step it took to prevent further recurrences:
MNIT and DHS have taken important steps to help prevent such incidents from happening in the future. Notably, in February 2019, MNIT deployed a new cybersecurity tool that blocks malicious links and attachments in emails intended for state employees. This tool could have prevented many of the breaches experienced by DHS, including the breach described in this letter.
MNIT and DHS also continue to train employees on how to identify and report the increasingly sophisticated cyberattacks being perpetrated against DHS, and have revised their policies and procedures to ensure that they can appropriately and quickly respond to data security incidents.
So how expensive is that cybersecurity tool? How cumbersome is it to deploy systemwide? And is it really new, or was it available prior to March 2018?
Given how prevalent phishing attacks and email attacks are, I guess I’m asking why everyone isn’t using a tool like this? There really may be a reasonable explanation, and I hope someone with actual security expertise can help me understand why it’s not more universal already.