Recent Phishing Attacks at Lynn Community Health Center, Auris Health and Montgomery Hospice

A brief summary of healthcare phishing attacks that were published recently.

PHI of 1,800 Patients Likely Exposed Because of Lynn Community Health Center Phishing Attack

Lynn Community Health Center (LCHC) based in Massachusetts found out that an unauthorized individual accessed an employee’s email account right after responding to a phishing email message. LCHC identified the phishing attack on November 25, 2020 and quickly secured the email account. With the assistance of a digital forensics firm, LCHC confirmed that at most 4 email accounts were affected in the attack.

An evaluation of the likely compromised accounts showed they comprised patient names along with one or more of these data elements: Mailing address, birth dateBirth date , telephone number, insurance data, medical record number, diagnoses, and other clinical details. The Social Security number of some patients were likewise exposed.

The continuing investigation hasn’t discovered any information that indicates patient information theft or misuse, however as a preventative measure, people who had their Social Security number possibly exposed received offers of credit monitoring and identity theft protection services at no cost.

Further security procedures are being enforced to stop further email security breaches. Data handling best practices are being changed, and personnel security awareness training were strengthened.

Auris Health Alerts Patient Concerning March 2020 Email Account Breach

Auris Health located in Redwood City, CA began informing selected patients about an unauthorized person who probably accessed a number of of their PHI due to an employee email account breach last March 2020.

Upon learning about the breach, account access was ended and an inquiry was done to know the nature and extent of the breach. The investigation into the attack is continuing, nevertheless Auris Health has confirmed that the breached email account contained patient names combined with at least one of the following data elements: tax identification number, Passport Number Social Security Number, medical insurance number, health details, payment card data, and financial account number(s).

Auris Health is enforcing more security measures to stop more breaches down the road, which include bettering its email authentication steps. Impacted persons got offers of free membership to credit and identity theft monitoring services for 2 years.

1,440 People Impacted by Montgomery Hospice Phishing Attack

Montgomery Hospice, Inc. based in Rockville, MD has discovered that an unauthorized person acquired access to an employee’s email account on August 20, 2020. The breach was discovered last November 16, 2020 and the email account was quickly protected.

An independent cybersecurity company was called in to help with the investigation, however, it was impossible to find out which if any, email messages in the account the unauthorized person viewed or copied. An analysis of the email account affirmed the exposure of 1,440 patients’ PHI, which included names, medical record numbers, birth dates, Social Security numbers, medical insurance details, and limited medical data.

Impacted persons were notified regarding the breach starting on January 15, 2021. The Social Security numbers of just a small number of patients were exposed and those persons received free credit monitoring and identity protection services.

Since the breach, the hospice had improved email security as well as its security facilities. Additional training were given to the employees regarding how to recognize and avert phishing emails.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone