Artesia General Hospital, located in Artesia New Mexico, has stated that protected health information (PHI) of 13,905 patients has been illegally accessed in a planned phishing attack.
The breach was discovered when an employee’s email account was seen to have been used to send unauthorized emails. The breach was first noticed on June 18, 2019 and the forensic analysis revealed the account had been accessed by an unauthorized person between June 11 to June 18.
A leading computer forensics firm was hired to investigate the breach, but nothing to suggest data theft had taken place was discovered. So far, no reports have been received to suggest PHI has been stolen or improperly used.
The email accounts included patients’ names, birth dates, patient account numbers, medical record info, health insurance information, and some treatment and/or clinical details, like diagnoses, dates of service, and provider names. A small subset of affected patients also had Social Security numbers accessed.
The hospital has enhanced security awareness training and extra measures are being implemented to improve email safety. Patients who had their Social Security number accessed are being provided with complimentary credit monitoring and identity theft protection services.
Phishing Attack Impacts 1,653 Patients of Carle Foundation Hospital
The email accounts of three medics at Carle Foundation Hospital in Urbana, IL have been infiltrated in a phishing attack.
The security breach was discovered on June 24, 2019 and the investigation showed the accounts were compromised three weeks previously on June 3, 2019. Assisted by a third-party cybersecurity firm, the hospital determined names, medical record numbers, birth dates, diagnoses, treatment measures, and clinical information were exposed. Affected patients had been given cardiology or surgery services at the hospital.
No proof of data theft of PHI misuse was found and notifications were sent ‘out of an abundance of caution.’ To prevent further incidents, employees are being given extra training and email security is being enhanced.