Salem Health Hospitals & Clinics Patients and Delta Dental of Arizona Plan Members Affected by Phishing Attacks

On July 31, 2019, Salem Health Hospitals & Clinics, Oregon encountered a phishing attack, which caused the unauthorized access of a number of employees’ email accounts by a person. Salem Health discovered the breach within the day of the attack and secured the compromised accounts quickly.

On September 27, patients got notification letters about the breach and were told about the review of affected accounts. Salem Health believes that the patient data contained in the compromised email accounts is minimal, which includes names, dates of birth, and information about the healthcare services received by the patients. When the notice was issued, the breach investigation was already in progress.

On November 7, 2019, Spokesman Elijah Penner of Salem Health said that the review of the incident showed no sign of patient data misuse. There was likewise no proof of the attacker accessing patient data contained in emails and file attachments.

Salem Health advised the affected patients to be careful and keep an eye on possible fraudulent transactions in their statement of accounts and explanation of benefits statements. Salem Health is improving email security and planning to give additional training to employees on identifying and avoiding malicious emails.

This breach incident is not yet posted on the HHS’ Office for Civil Rights breach portal. The number of affected patients is still unknown.

Delta Dental of Arizona’s July Phishing Attack

Delta Dental of Arizona suffered an email security breach, which exposed the data of plan members. On July 8, 2019, Delta Dental discovered the security breach because of suspicious activity in an employee’s email account.

The attacker used the employee’s credentials to access the email account. Delta Dental published a substitute breach notice on its webpage stating the lengthy and labor-intensive process of identifying which members’ information was compromised.

Delta Dental of Arizona issued a report on November 8, 2019 stating that no evidence was uncovered concerning the unauthorized data access, although its possibility cannot be eliminated. Hence, the breach notifications were sent to the affected members as a safety precaution.

The member’s information potentially compromised included names, birth dates, addresses, member ID numbers, Social Security numbers, driver’s license numbers, passport numbers, financial information, credit/debit card numbers, digital signatures, usernames/passwords, and dental insurance information.

The HHS’ Office for Civil Rights breach portal has not published the breach incident yet. For this reason, it is not yet certain how many members were affected.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone