Magellan Health Inc, a Fortune 500 company, was hit by a ransomware attack, leading to the theft of personal credentials from one of their corporate servers.

What is happening

The customers of Magellan Health comprise health plans organizations, governmental and military agencies, employers, labor unions, and third-party admins. A phishing email was sent on April 6, impersonating a client. The services of Mandiant, a cybersecurity firm, were immediately retained by Magellan as soon as the incident was detected.

The situation

  • The company is working with the FBI to implement better security protocols.
  • The customers, whose personal information was stolen, are being offered identity theft protection by Magellan.

What the experts are saying

  • Magellan stated that the malware was designed to steal login credentials for a select set of employees.
  • In the official letter, Magellan stated that they are unaware of any fraud events or misuse of stolen credentials.


  • The data breach notification was filed with the Office of the Attorney General of California.
  • The stolen records included names, employee IDs, addresses, and W-2 or 1099 tax form details.
  • Last year, Magellan Rx Management, Magellan Healthcare, and National Imaging Associates were impacted by potential data breaches following phishing attacks.

In essence

Although Magellan suffered significant damage from the ransomware attack, any unauthorized intrusion into other systems have not been found yet.

Cyware Publisher