Email investigation - have we been hacked?



  • Here's an odd one.

    A patient wanted to provide some feedback to our office, so they wrote a letter, then somehow scoured the internet in search of email addresses to send to.

    Starting with what I assume was our published website, they assumed our email domain was the same as our website @urologycenterpc.net & @urologycenterpc.com. Additionally he guessed a domain of @urologycenter.com - which we do not own.

    The patient originally sent emails only to potential addresses that he guessed at based upon the physician names that are on our website (we have no email addresses listed on the site).

    They received several rejection emails (which only happened because he used a domain that does not belong to us). I know this because my domains don't provide any rejections to bad addresses.

    Since the sender assumed no one got any of their original emails, they seem to have resorted to googling the physician names from the website, and gathered a bizarre list of email addresses, some valid, some invalid, some relatives, etc.

    This second list, including relatives, has left the physicians concerned - have we been hacked? If not, how did they get my relative's email address? - which I already mentioned one possibility above.

    The patient did include their name, contact and place of employment - so I'm guessing they likely aren't a hacker - they simply want their concerns heard, and likely want a response.

    So - I need to pass along some examples of how it is likely that the personal email addresses were found. I plan to google the names from our site myself.

    Is there anything else I should check?

    What would you check to give yourself another level of assurance that your system hasn't been breached?

    PS - I need to toss in here an adjacent piece of information.

    Last week, we scheduled a patient for a procedure. That day or the next day, that patient received an email from someone other than us about those types of procedures. The patient was concerned that our system was either selling that data, or was compromised, and this third party was advertising to him based upon the gathering of that data from us.
    The patient assures us that they hadn't searched for this information from their computers - so it seemed unlikely that something got linked from his side.

    So these two entirely unrelated incidents have management on edge.

    Thoughts?



  • These types of attacks happen often and certainly wouldn't be considered being hacked. Scrapers do this all the time and send phishing emails. It is also common to have legit emails attacked as well as non legit emails that are dropped. This is actually very common.



  • @Dashrender said in Email investigation - have we been hacked?:

    This second list, including relatives, has left the physicians concerned - have we been hacked? If not, how did they get my relative's email address? - which I already mentioned one possibility above.

    Investigate the data. Is it emergency contacts or other type of information that you 100% have?



  • @IRJ said in Email investigation - have we been hacked?:

    @Dashrender said in Email investigation - have we been hacked?:

    This second list, including relatives, has left the physicians concerned - have we been hacked? If not, how did they get my relative's email address? - which I already mentioned one possibility above.

    Investigate the data. Is it emergency contacts or other type of information that you 100% have?

    emergency contacts?
    other types of information that I what?



  • Just saw this and reminded me of an email this morning from a customer asking about it. Basically they spoof the domain and then expect to extort someone over their supposed bad online habits.



  • @Dashrender said in Email investigation - have we been hacked?:

    @IRJ said in Email investigation - have we been hacked?:

    @Dashrender said in Email investigation - have we been hacked?:

    This second list, including relatives, has left the physicians concerned - have we been hacked? If not, how did they get my relative's email address? - which I already mentioned one possibility above.

    Investigate the data. Is it emergency contacts or other type of information that you 100% have?

    emergency contacts?
    other types of information that I what?

    If you have access to the employee files for the docs, you can check to make sure it wasn't an emergency contact in that employee file, I think is what he's saying.



  • @WrCombs said in Email investigation - have we been hacked?:

    @Dashrender said in Email investigation - have we been hacked?:

    @IRJ said in Email investigation - have we been hacked?:

    @Dashrender said in Email investigation - have we been hacked?:

    This second list, including relatives, has left the physicians concerned - have we been hacked? If not, how did they get my relative's email address? - which I already mentioned one possibility above.

    Investigate the data. Is it emergency contacts or other type of information that you 100% have?

    emergency contacts?
    other types of information that I what?

    If you have access to the employee files for the docs, you can check to make sure it wasn't an emergency contact in that employee file, I think is what he's saying.

    Those aren't digital.



  • @Dashrender said in Email investigation - have we been hacked?:

    @WrCombs said in Email investigation - have we been hacked?:

    @Dashrender said in Email investigation - have we been hacked?:

    @IRJ said in Email investigation - have we been hacked?:

    @Dashrender said in Email investigation - have we been hacked?:

    This second list, including relatives, has left the physicians concerned - have we been hacked? If not, how did they get my relative's email address? - which I already mentioned one possibility above.

    Investigate the data. Is it emergency contacts or other type of information that you 100% have?

    emergency contacts?
    other types of information that I what?

    If you have access to the employee files for the docs, you can check to make sure it wasn't an emergency contact in that employee file, I think is what he's saying.

    Those aren't digital.

    Well, then it'd be pretty hard to hack that, eh? 😉



  • One of the addresses is for an @ameritrade.com address, but only for one person. I have yet to find any connection via google searches between this person and ameritrade.... so I'm not sure why this was tried?

    Thoughts?



  • @Dashrender said in Email investigation - have we been hacked?:

    One of the addresses is for an @ameritrade.com address, but only for one person. I have yet to find any connection via google searches between this person and ameritrade.... so I'm not sure why this was tried?

    Thoughts?

    You don't have that data either, right?



  • @IRJ said in Email investigation - have we been hacked?:

    @Dashrender said in Email investigation - have we been hacked?:

    One of the addresses is for an @ameritrade.com address, but only for one person. I have yet to find any connection via google searches between this person and ameritrade.... so I'm not sure why this was tried?

    Thoughts?

    You don't have that data either, right?

    What do you mean?