It is scary how quickly attacks can escalate and impact organizations within a supply chain, where messages from friendly accounts are typically trusted.

An email compromise can spread quickly

On January 4, an attacker took over an email account at a healthcare organization called Alphonsus Health System in Boise Idaho. During the two days it took for the compromise to be discovered, the attacker had used the stolen email account to send invoices to other organizations, including Alphonsus’s sister hospital, Saint Agnes Medical Centre in Fresno, CA.

saint agnes

Sensitive records were impacted

This attack resulted in the exposure of an undisclosed number of records, which included patient addresses, phone numbers, dates of birth, and some Social Security Numbers and credit card numbers.

This kind of attack typically exploits employees’ lack of good password protection practices, combined with insufficient or ineffective training on how to spot phishing messages.



Did you know that Click Armor has gamified phishing assessments? If you’re wondering what these look like, you can try a simple gamified phishing assessment at to test your own phishing awareness skills. We can do it for teams, as well, without even needing to register employees into accounts. Contact us to learn more.


Photo from Saint Alfonsus Facebook page.