Application security, Breach, Data Security

The Oregon Clinic patient PHI exposed via email breach

The Oregon Clinic discovered on March 9 that an unauthorized third party had accessed an email account possibly exposing the personal health information for some of its patients.

The clinic, which offers a wide variety of health-related services, investigated the incident and on April 19 determined that the incident only affected a single email account and the hacker did not gain access to any other part of the clinic's network. The breach possibly revealed names, dates of birth, and certain medical information to include medical record numbers, diagnosis information, medical condition, diagnostic tests performed, prescription information, and/or health insurance information. In addition, some people may have had their Social Security numbers exposed.

The organization did not say how many people were affected, but The Oregon Clinic states on its website it handles about 420,000 annually.

The clinic reported it is now in the process of notifying the patients involved and is offering these people free credit monitoring services. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.