Middlesex Hospital in Connecticut may have inadvertently allowed the personal information of almost 1,000 patients to be compromised through a phishing scam.
How many victims? 946
What type of information? The information involved includes the patients name, address, date of birth, medical record number, medication, date of service and the date of diagnosis. The compromised information did not include Social Security numbers or any access to a person's full medical records.
What happened? In October four hospital employees were victimized by a phishing campaign
What was the response? The hospital has notified the affected patients and offered each free credit monitoring for a year and the hospital said it is taking the necessary steps to prevent such an incident from happening again, but did not go into detail on these actions.
Details? On October 9 the hospital discovered that four workers had all opened a malicious email that potentially could lead to various pieces of personal information being released on 946 hospital patients.
Quote? "The information compromised did not include direct access to full medical records or any Social Security numbers. All patients involved in the breach have been notified and are being offered free credit monitoring for one year, as a precaution.”
Source: Middlesex Hospital