Over 15,000 Patients Affected by Two Hospital Breaches Due to Phishing Attacks

Artesia General Hospital in Artesia, NM had a phishing attack, which caused the exposure of the protected health information (PHI) of 13,905 patients.

The hospital identified the breach on June 18, 2019 because of the unauthorized sending of email messages through the email account of a hospital employee. Forensic investigation of the breach showed that an unauthorized man or woman logged into the account on June 11 up to June 18.

A top-notch computer forensics company looked into the breach, yet uncovered no evidence that data was stolen. So far, there’s no statement concerning PHI misuse or theft.

The following patient data were found within the email accounts: names of patients, patient account numbers, birth dates, medical record numbers, medical insurance information, and some treatment and/or clinical records, such as names of the provider. diagnoses and dates of service. The Social Security numbers of a number of patients were likewise compromised.

The hospital has enhanced its security awareness training program and integrated more powerful email security. Patients who had their Social Security numbers exposed received complimentary credit monitoring and identity theft protection services.

Phishing Attack on Carle Foundation Hospital

Carle Foundation Hospital in Urbana, IL had a phishing attack which led to the breach of the email accounts of three physicians.

On June 24, 2019, the hospital spotted the security breach and started an investigation. Based on the investigation results, the email accounts breach happened three weeks earlier. With the assistance of an independent cybersecurity company, the hospital confirmed the exposure of patient names, medical record numbers, birth dates, clinical information, diagnoses and treatment coverage. The breach impacted about 1,600 patients who acquired cardiology or surgery support at the hospital.

Although there was no evidence that PHI was misused or stolen, the hospital notified the affected patients. To avoid another incident such as this, employees are due for retraining while email security will have improvements.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone