Patient data accessible after health staffers act on phishing emails

Share this article:

Patients may have had personal information – including Social Security numbers – accessed by unauthorized individuals after a small group of employees with Colorodo-based Centura Health responded to phishing emails.

How many victims? Unclear, but about 1,000 individuals were notified in Durango, according to a report

What type of personal information? Names, addresses, dates of birth, phone numbers, medical record numbers, dates of service, treating physicians, diagnoses, Medicare Beneficiary numbers and Social Security numbers.

What happened? After responding to phishing emails, access may have been gained to email accounts – which contained the patient data – belonging to a small group of Centura Health employees.

What was the response? Centura Health cut off access and performed an investigation with an outside forensics expert. Centura Health is reinforcing education about phishing emails and is strengthening login authentication. Impacted individuals are being notified.

Details: The incident occurred on Feb. 11 and Centura Health learned of it on Feb 21.

Quote: “There is no evidence that the information in the emails was ever viewed or used in any way,” according to a notification on the Centura Health website.

Source: centura.org, “Notice to our Patients Regarding “Phishing” Incident,” April 22, 2014.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

Fraud reports from a 'few dozen' customers in Sheplers payment card breach

Western wear retailer Sheplers is notifying an undisclosed number of customers that their payment card information may have been exposed.

Two laptops containing patient data stolen from American Family Care

The two laptops stolen from American Family Care were password protected, yet unencrypted, and may have contained Social Security numbers.

Viator investigates payment card breach, notifies 1.44 million customers

More than 1.4 million Viator customers are being notified that their personal data, including payment card information, may have been compromised.