PHI Breach of 33,370 Mount Sinai Hospital Patients and 1,400 Navicent Health Patients

The protected health information (PHI) of 33,730 Mount Sinai Hospital patients were compromised because of the cyberattack on American Medical Collection Agency (AMCA). Mount Sinai Hospital is the 24th healthcare organization to confirm the impact of the AMCA breach. So far, the breach has impacted close to 25 million people.

Mount Sinai Hospital received information on June 4, 2019 from AMCA regarding the unauthorized access of its web payment portal that contains the PHI of its clients’ patients. The web portal was compromised beginning August 1, 2018 until March 30, 2019 when AMCA discovered it and secured the site immediately.

The breach only affected the patients with outstanding medical payments and whose data were been accessed by AMCA to process collections. The compromised information included names, name of the healthcare service provider or laboratory, dates of service, referring physician, medical insurance information, and other medical information linked to the patient services provided by Mount Sinai Hospital.

Some patients’ financial information were also compromised. AMCA sent notifications to those people directly and provided them with credit monitoring services. Mount Sinai Hospital informed the other people affected by the breach.

Navicent Health Phishing Attack

Navicent Health in Macon, GA sent breach notifications to approximately 1,400 patients concerning the compromise of some of their PHI because of a phishing attack.

On June 24, 2019, Navicent Health learned about an employee who responded to a phishing email resulting in the unauthorized access of his/her email account. The information potentially compromised included the names of patients, phone numbers, addresses, medical information, insurance information, bank account info, Social Security numbers, and other personal records.

This is the second phishing attack on Navicent Health this year. The first phishing attack resulted in the compromise of 278,016 patients’ PHI. The breach occurred in July 2018, however it was only confirmed on January 24, 2019 that there was a breach of PHI.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at