Scam calls/emails
-
Well, my boss ran reports - there is no common employee to these incidents. So far, the only common thing is the EHR itself.
Found the details on #2 - I'll update the OP.
-
@Dashrender said in Scam calls/emails:
Well, my boss ran reports - there is no common employee to these incidents. So far, the only common thing is the EHR itself.
And there was another incident to add to the list - I'll update the OP.
Is your EHR hosted or on-prem?
-
@dafyre said in Scam calls/emails:
@Dashrender said in Scam calls/emails:
Well, my boss ran reports - there is no common employee to these incidents. So far, the only common thing is the EHR itself.
And there was another incident to add to the list - I'll update the OP.
Is your EHR hosted or on-prem?
Hosted - I believe it's a true cloud based app, but I'm not 100% sure. The system has something like 36 DBs and clients are spread over these DBs, but it's definitely not a 1 to 1 DB/client setup. I assume it's something akin to O365.
-
We are going to be doing a report to see if there are any common IPs accessing these three patients.
-
@Dashrender said in Scam calls/emails:
We are going to be doing a report to see if there are any common IPs accessing these three patients.
Also check and see if the patients are in the same DB?
-
@dafyre said in Scam calls/emails:
@Dashrender said in Scam calls/emails:
We are going to be doing a report to see if there are any common IPs accessing these three patients.
Also check and see if the patients are in the same DB?
They are - all of our patients are in a single DB.. each client of the EHR is in a single DB. I.e. we are a client, and all of our patients are in a single DB.
-
an FYI in case anyone cares... athenaNet has a single user database for their entire system. So if you work at two different hospital/clinics that both use athenaNet, then you only have one account that accesses both systems...
-
@Dashrender said in Scam calls/emails:
an FYI in case anyone cares... athenaNet has a single user database for their entire system. So if you work at two different hospital/clinics that both use athenaNet, then you only have one account that accesses both systems...
Yeah, unfortunately that is extremely common practice. They just use a different identifier to segment customers.
-
@Dashrender said in Scam calls/emails:
@dafyre said in Scam calls/emails:
@Dashrender said in Scam calls/emails:
We are going to be doing a report to see if there are any common IPs accessing these three patients.
Also check and see if the patients are in the same DB?
They are - all of our patients are in a single DB.. each client of the EHR is in a single DB. I.e. we are a client, and all of our patients are in a single DB.
I would put a call in to the EHR for sure and tell them what's been happening.
-
@Dashrender said in Scam calls/emails:
an FYI in case anyone cares... athenaNet has a single user database for their entire system. So if you work at two different hospital/clinics that both use athenaNet, then you only have one account that accesses both systems...
So all it really takes is someone that has changed jobs a number of times to companies that all use this same athenaNet?
-
@dafyre said in Scam calls/emails:
@Dashrender said in Scam calls/emails:
@dafyre said in Scam calls/emails:
@Dashrender said in Scam calls/emails:
We are going to be doing a report to see if there are any common IPs accessing these three patients.
Also check and see if the patients are in the same DB?
They are - all of our patients are in a single DB.. each client of the EHR is in a single DB. I.e. we are a client, and all of our patients are in a single DB.
I would put a call in to the EHR for sure and tell them what's been happening.
yup, started the process on Friday - then the line got disconnected.
I have to call them back today.
-
@travisdh1 said in Scam calls/emails:
@Dashrender said in Scam calls/emails:
an FYI in case anyone cares... athenaNet has a single user database for their entire system. So if you work at two different hospital/clinics that both use athenaNet, then you only have one account that accesses both systems...
So all it really takes is someone that has changed jobs a number of times to companies that all use this same athenaNet?
I'm not sure what you are asking?
There is only one athenaNet. The way they want you to handle users is to never delete them from your system - so in our case we would have somewhere around 50+ people in our system that no longer work here all taking up space in our drop downs because the system has no way of hiding, yet leaving them in, ex-employees. So we say screw that - and delete them. This of course causes us a different problem, once we delete them, we can no longer run reports on them, we have to contact athenaHealth (the company) and have them run the reports for us,
We'd be happy to leave the users in as no access users, if there was a way to remove them from all of the active user lists - which are used everyday multiple times per day by nearly everyone - as a way to assign tasks to others.
-
@Dashrender said in Scam calls/emails:
@dafyre said in Scam calls/emails:
@Dashrender said in Scam calls/emails:
@dafyre said in Scam calls/emails:
@Dashrender said in Scam calls/emails:
We are going to be doing a report to see if there are any common IPs accessing these three patients.
Also check and see if the patients are in the same DB?
They are - all of our patients are in a single DB.. each client of the EHR is in a single DB. I.e. we are a client, and all of our patients are in a single DB.
I would put a call in to the EHR for sure and tell them what's been happening.
yup, started the process on Friday - then the line got disconnected.
I have to call them back today.
Hopefully you didn't get disconnected today?
-
@dafyre said in Scam calls/emails:
@Dashrender said in Scam calls/emails:
@dafyre said in Scam calls/emails:
@Dashrender said in Scam calls/emails:
@dafyre said in Scam calls/emails:
@Dashrender said in Scam calls/emails:
We are going to be doing a report to see if there are any common IPs accessing these three patients.
Also check and see if the patients are in the same DB?
They are - all of our patients are in a single DB.. each client of the EHR is in a single DB. I.e. we are a client, and all of our patients are in a single DB.
I would put a call in to the EHR for sure and tell them what's been happening.
yup, started the process on Friday - then the line got disconnected.
I have to call them back today.
Hopefully you didn't get disconnected today?
Sadly, the call back didn't happen today.
-
@Dashrender said in Scam calls/emails:
@dafyre said in Scam calls/emails:
@Dashrender said in Scam calls/emails:
@dafyre said in Scam calls/emails:
@Dashrender said in Scam calls/emails:
@dafyre said in Scam calls/emails:
@Dashrender said in Scam calls/emails:
We are going to be doing a report to see if there are any common IPs accessing these three patients.
Also check and see if the patients are in the same DB?
They are - all of our patients are in a single DB.. each client of the EHR is in a single DB. I.e. we are a client, and all of our patients are in a single DB.
I would put a call in to the EHR for sure and tell them what's been happening.
yup, started the process on Friday - then the line got disconnected.
I have to call them back today.
Hopefully you didn't get disconnected today?
Sadly, the call back didn't happen today.
Figures.
-
@scottalanmiller said in Scam calls/emails:
@Dashrender said in Scam calls/emails:
@dafyre said in Scam calls/emails:
@Dashrender said in Scam calls/emails:
@dafyre said in Scam calls/emails:
@Dashrender said in Scam calls/emails:
@dafyre said in Scam calls/emails:
@Dashrender said in Scam calls/emails:
We are going to be doing a report to see if there are any common IPs accessing these three patients.
Also check and see if the patients are in the same DB?
They are - all of our patients are in a single DB.. each client of the EHR is in a single DB. I.e. we are a client, and all of our patients are in a single DB.
I would put a call in to the EHR for sure and tell them what's been happening.
yup, started the process on Friday - then the line got disconnected.
I have to call them back today.
Hopefully you didn't get disconnected today?
Sadly, the call back didn't happen today.
Figures.
Oh, this was on me, not them. I'm just swamped with user issues - training a new user, etc.
-
This post is deleted! -
I've made the call back.
the EHR vendor say - nope not us - unless we've had such a catastrophic hack that we can't detect it in our logs.
-
@Dashrender said in Scam calls/emails:
the EHR vendor say - nope not us - unless we've had such a catastrophic hack that we can't detect it in our logs.
"Not in our logs" is a pretty weak defense of not having been hacked.
-
@scottalanmiller said in Scam calls/emails:
@Dashrender said in Scam calls/emails:
the EHR vendor say - nope not us - unless we've had such a catastrophic hack that we can't detect it in our logs.
"Not in our logs" is a pretty weak defense of not having been hacked.
While true, I would also lean towards his network being infected and him not knowing it, over a large EHR vendor.
We also know (assume as a smaller SMB) he has no SEIM to give him information about the state of his network.