The County of Johnston disclosed today (Friday) a data breach may have affected participants in one of its employee benefits plans. To administer those plans, Johnston County contracted with a third-party administrator, Interactive Medical Systems Corporation (IMS).
On December 31, 2019, IMS received a technical alert concerning the email address of an IMS employee which indicated the employee’s email account was compromised. There was no indication other accounts within IMS were affected.
IMS initiated an investigation, including a review of all emails in the user’s account during the compromised period and engaging a third-party cybersecurity firm to perform a comprehensive forensics investigation. The investigation confirmed that emails within the affected user’s email account between July 19 and December 31, 2019 were exposed to an unknown unauthorized third party as a result of a sophisticated phishing attack.
A “phishing” attack is a malicious email that appears to be legitimate to entice the user into giving up login information. There would be a link in the email that appears to lead to your own email system login page, but instead takes you to an identical looking page hosted on a malicious server.
Through the forensic investigation, IMS determined that the categories of personal information exposed varies for each affected individual and may have included: First and Last Name, Last Four Digits of Social Security Number, Transaction Date and Amount, Plan Sponsor/Employer Name. The full Social Security Number was never compromised.
IMS has assured Johnston County officials that it has taken steps to prevent a similar event from occurring in the future, and to otherwise protect the privacy and security of plan participant information. There was no indication that County of Johnston systems were involved in the phishing attack.
Affected Johnston County employees were notified by mail Feb. 14th of the data breach. Any county employee who has questions about the data breach can contact IMS at 1-833-315-0436 for more information. The company is also asking all affected employees to closely monitor credit card account statements and monitor your credit report for unauthorized activity. If you see any unauthorized activity, immediately contact your financial institution.