The protected health information (PHI) of 33,730 Mount Sinai Hospital patients was compromised because of the cyberattack on American Medical Collection Agency (AMCA). Mount Sinai Hospital is the 24th healthcare organization to confirm the impact of the AMCA breach. So far, the breach has impacted close to 25 million people.
Mount Sinai Hospital received information on June 4, 2019 from AMCA regarding the unauthorized access of its web payment portal, which contains the PHI of its clients' patients. The web portal was compromised from August 1, 2018 until March 30, 2019, when AMCA discovered the compromise and immediately secured the site.
The breach only affected patients with outstanding medical payments whose data was accessed by AMCA to process collections. The compromised information included names, name of the healthcare service provider or laboratory, dates of service, referring physician, medical insurance information, and other medical information linked to the patient services provided by Mount Sinai Hospital.
Some patients' financial information was also compromised. AMCA sent notifications to those people directly and provided them with credit monitoring services. Mount Sinai Hospital informed the other people affected by the breach.
Navicent Health Phishing Attack
Navicent Health in Macon, GA sent breach notifications to approximately 1,400 patients concerning the compromise of some of their PHI because of a phishing attack.
On June 24, 2019, Navicent Health learned that an employee had responded to a phishing email, resulting in unauthorized access to the employee's email account. The information potentially compromised included the names of patients, phone numbers, addresses, medical information, insurance information, bank account information, Social Security numbers, and other personal records.
This is the second phishing attack on Navicent Health this year. The first phishing attack resulted in the compromise of 278,016 patients' PHI. The breach occurred in July 2018; however, it was only confirmed on January 24, 2019 that there was a breach of PHI.