Patient data accessible after health staffers act on phishing emails

Share this article:

Patients may have had personal information – including Social Security numbers – accessed by unauthorized individuals after a small group of employees with Colorodo-based Centura Health responded to phishing emails.

How many victims? Unclear, but about 1,000 individuals were notified in Durango, according to a report

What type of personal information? Names, addresses, dates of birth, phone numbers, medical record numbers, dates of service, treating physicians, diagnoses, Medicare Beneficiary numbers and Social Security numbers.

What happened? After responding to phishing emails, access may have been gained to email accounts – which contained the patient data – belonging to a small group of Centura Health employees.

What was the response? Centura Health cut off access and performed an investigation with an outside forensics expert. Centura Health is reinforcing education about phishing emails and is strengthening login authentication. Impacted individuals are being notified.

Details: The incident occurred on Feb. 11 and Centura Health learned of it on Feb 21.

Quote: “There is no evidence that the information in the emails was ever viewed or used in any way,” according to a notification on the Centura Health website.

Source:, “Notice to our Patients Regarding “Phishing” Incident,” April 22, 2014.

Share this article:

Sign up to our newsletters


More in The Data Breach Blog

Professor hacks University Health Conway in demonstration for class

A computer science professor from the City College of San Francisco accessed a University Health Conway server containing patient data as part of a demonstration for a class.

Another breach involving Onsite Health Diagnostics, Kansas City hospital impacted

Children's Mercy Hospital is notifying more than 4,000 individuals that their information may have been compromised after an Onsite Health Diagnostics system was breached.

Vitamin seller website attacked, payment cards and other info compromised

Credit and debit cards, as well as other information, may have been compromised by an attacker who gained access to computer system.