Patient data accessible after health staffers act on phishing emails

Share this article:

Patients may have had personal information – including Social Security numbers – accessed by unauthorized individuals after a small group of employees with Colorodo-based Centura Health responded to phishing emails.

How many victims? Unclear, but about 1,000 individuals were notified in Durango, according to a report

What type of personal information? Names, addresses, dates of birth, phone numbers, medical record numbers, dates of service, treating physicians, diagnoses, Medicare Beneficiary numbers and Social Security numbers.

What happened? After responding to phishing emails, access may have been gained to email accounts – which contained the patient data – belonging to a small group of Centura Health employees.

What was the response? Centura Health cut off access and performed an investigation with an outside forensics expert. Centura Health is reinforcing education about phishing emails and is strengthening login authentication. Impacted individuals are being notified.

Details: The incident occurred on Feb. 11 and Centura Health learned of it on Feb 21.

Quote: “There is no evidence that the information in the emails was ever viewed or used in any way,” according to a notification on the Centura Health website.

Source:, “Notice to our Patients Regarding “Phishing” Incident,” April 22, 2014.

Share this article:

Sign up to our newsletters


More in The Data Breach Blog

Thousands had data on computers stolen from California medical office

Bay Area Pain Medical Associates notified about 2,780 patients that their data was on computers stolen from its California offices.

Subcontractor breach impacts 1,700 in Dominion Resources employee wellness plan

About 1,700 people in the Dominion Resources employee wellness program have been notified that their data was accessed in a breach.

Document posted to California city website, employee data accessed

In California, a document posted to the City of Encinitas website contained data on hundreds of current and former city staffers.