The Fortune 500 health care company said in a letter that the hacker gained access to its systems after sending a phishing email impersonating a client on April 6. The attacker accessed one corporate service with some information like names, addresses, tax details and Social Security numbers, and used malware designed to steal passwords.
“At this point, we are not aware of any fraud or misuse of any of your personal information as a result of this incident,” Magellan wrote in the letter to those whose information was compromised in the incident.
Magellan filed the notice with the California attorney general’s office Monday.
"Unfortunately, these sorts of attacks are increasingly common," a Magellan spokesperson told FOX Business. "We take the safety, security, and reliability of our operations and services with the utmost seriousness. We have taken a number of additional measures to further strengthen our security policies and protocols. We are aggressively investigating this matter and will continue to provide updates to those impacted as the investigation continues."
The company said it’s working with the FBI and that it added more security protocols to protect against a similar incident from happening.
Magellan is also providing identity theft protection for people whose personal information was affected.
“We take the privacy and security of your personal information very seriously and we sincerely regret any concern this incident may cause you,” the company wrote in the letter.
Ransomware is an ongoing threat for businesses, governments and other entities. In 2019, the FBI’s Internet Crime Complaint Center received 2,047 complaints of ransomware with losses totaling $8.9 million.