Breach, Data Security

Patient data accessible after health staffers act on phishing emails


Patients may have had personal information – including Social Security numbers – accessed by unauthorized individuals after a small group of employees with Colorodo-based Centura Health responded to phishing emails.

How many victims? Unclear, but about 1,000 individuals were notified in Durango, according to a report

What type of personal information? Names, addresses, dates of birth, phone numbers, medical record numbers, dates of service, treating physicians, diagnoses, Medicare Beneficiary numbers and Social Security numbers.

What happened? After responding to phishing emails, access may have been gained to email accounts – which contained the patient data – belonging to a small group of Centura Health employees.

What was the response? Centura Health cut off access and performed an investigation with an outside forensics expert. Centura Health is reinforcing education about phishing emails and is strengthening login authentication. Impacted individuals are being notified.

Details: The incident occurred on Feb. 11 and Centura Health learned of it on Feb 21.

Quote: “There is no evidence that the information in the emails was ever viewed or used in any way,” according to a notification on the Centura Health website.

Source:, “Notice to our Patients Regarding “Phishing” Incident,” April 22, 2014.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.