Presbyterian Healthcare Services is informing 183,000 of its patients and health plan members that their PII was compromised after an employee fell victim to a phishing scam.
While the Albuquerque, N.M.-based Presbyterian began sending letters to those affected earlier this month, this is the first time the full extent of the data breach has been released.
“At this time, it is estimated that data involving approximately 183,000 patients and health plan members may have been affected, and more may be identified and notified in the coming weeks. While our investigation is ongoing, we want to stress that we have no evidence indicating that any patient or member data has been used in any way and there was no access to our electronic health record or billing systems,” said Dale Maxwell, president and CEO of Presbyterian Healthcare Services.
The data breach, which was made public on August 2, was discovered on June 6 when the organization realized unauthorized access had been gained though a phishing attack sometime before May 9. The email accounts that were accessed contained patient and/or health plan member names and might have contained dates of birth, Social Security numbers and clinical and/or health plan information.