University of North Carolina Chapel Hill School of Medicine has been hit by a phishing attack in which the protected health information of 3,716 patients has potentially been obtained by unauthorized individuals.
A review by third-party forensics experts revealed that a number of employee email accounts were compromised between May 17, 2018 and June 18, 2018. It is not obvious when the security breach was first detected.
The range of information in emails and email attachments in the impacted accounts varied from patient to patient and may have included names, birth dates, demographic data, Social Security numbers, health insurance information, financial account information, and credit card details.
Impacted individuals were alerted about the breach on November 12, 2019. Patients whose Social Security numbers were possibly compromised have been offered free credit monitoring and identity theft protection services.
Multi-factor authentication has now been put in place and employees have been given with further cybersecurity and phishing awareness training.
Three Email Accounts Infiltrated in Phishing Attack on Starling Physicians
The Connecticut physician group, Starling Physicians P.C. has revealed that the personal and health information of certain patients has possibly been compromised in a phishing attack.
The attack took place on February 8, 2019 and a third-party forensics firm was hired to carry out an investigation into the breach and assess the nature on scope of the attack. Three employee email accounts were found to have been compromised.
Starling Physicians became aware on September 12 that the compromised email accounts included names, addresses, dates of birth, Social Security numbers, passport numbers, health insurance information, billing information, and medical data of certain patients. It is unclear when the phishing attack was first noticed.
Notification letters were shared with affected patients on November 12, 2019. Patients whose Social Security number was possibly compromised have been offered free credit monitoring and identity theft protection services.
The HHS’ Office for Civil Rights breach portal shows 977 patients have been impacted by the breach.