"It is not known what, if any, personal information about Harbor clients might have been obtained or viewed," wrote Steve Benjamin, senior vice president at Harbor Behavioral Health (read the Toledo Blade story here). He continues: "…an unauthorized person gained access to an employee's email account between Feb. 6 and Feb. 11." Translated: Some yokel got phished.

The real yokel here is Harbor management, who have no DMARC enforcement/protection.

Mad Max's question is: WHY WOULD SOMEONE PHISH A MENTAL HEALTH ORGANIZATION? How do you monetize that? Roach a patient's bank account by phishing them? Access your spouse's psychiatrist's notes to find out who they've been cheating with? Blackmail said cheating spouse? Identify a celebrity shrink and sell the story to the National Enquirer? Inquiring minds want to know.

But phishing these guys seems like a fairly high-risk/low-reward operation.

