
Business Email Compromise Investigation for Health Data Management Company


FTI Cybersecurity was retained by a health data management company to investigate unauthorized access to the company’s network and the corresponding business email compromise (BEC) fraud activity against its customers. FTI Cybersecurity conducted a complex cybersecurity investigation to understand the incident, including the root cause, the nature and extent of the intrusion, and historical targeting attempts.


FTI Cybersecurity’s investigation focused on understanding what tactics, techniques, and procedures the threat actor used to gain access to the company’s network. Our team conducted research and analyzed evidence and artifacts from numerous sources, including the dark web, audit logs of the company’s accounts, enterprise-wide data sources, and a forensic image of a compromised laptop. FTI Cybersecurity also provided recommendations to address the findings and further harden the company’s cybersecurity environment.


FTI Cybersecurity’s investigation showed that after many months of targeted messages, the threat actor successfully used a phishing campaign against one of the company’s employees to circumvent the company’s credential and two-factor authentication requirements. Based on these findings, FTI Cybersecurity provided recommendations to improve cybersecurity protections and prevent further incidents. Our team’s investigation showed no indication of continued access to the client’s accounts or systems by the threat actor after the situation was remediated.