Patient data accessible after health staffers act on phishing emails

Share this article:

Patients may have had personal information – including Social Security numbers – accessed by unauthorized individuals after a small group of employees with Colorodo-based Centura Health responded to phishing emails.

How many victims? Unclear, but about 1,000 individuals were notified in Durango, according to a report

What type of personal information? Names, addresses, dates of birth, phone numbers, medical record numbers, dates of service, treating physicians, diagnoses, Medicare Beneficiary numbers and Social Security numbers.

What happened? After responding to phishing emails, access may have been gained to email accounts – which contained the patient data – belonging to a small group of Centura Health employees.

What was the response? Centura Health cut off access and performed an investigation with an outside forensics expert. Centura Health is reinforcing education about phishing emails and is strengthening login authentication. Impacted individuals are being notified.

Details: The incident occurred on Feb. 11 and Centura Health learned of it on Feb 21.

Quote: “There is no evidence that the information in the emails was ever viewed or used in any way,” according to a notification on the Centura Health website.

Source: centura.org, “Notice to our Patients Regarding “Phishing” Incident,” April 22, 2014.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

Transcript website flaw exposed personal data on 98k users

NeedMyTranscripts.com expose users' names, addresses and dates of birth, among other information, due to a site flaw that one user discovered.

Sourcebooks payment card breach impacts more than 5,000 customers

More than 5,000 customers had personal information stolen, but roughly 9,000 notification letters were sent out as a precautionary measure.

Cyberswim notifies customers that payment card data may be at risk

Malicious software installed on Sept. 24 may have compromised personal information for visitors that made purchases between May 12 and Aug. 28.