Texas-based Seton Family of Hospitals is notifying approximately 39,000 patients that an employee's email address – which contained personal information – was compromised in a phishing attack.
How many victims? Approximately 39,000.
What type of personal information? Names, addresses, dates of birth, genders, and other demographic information, as well as medical record numbers, insurance information, limited clinical information and – in some cases – Social Security numbers.
What happened? A Seton employee's email address, which contained patient information, was compromised in a phishing attack.
What was the response? The username and password was shut down and an investigation was conducted with computer forensics experts. Seton is working with its email provider to enhance its security program, and will provide additional education to employees regarding phishing. All impacted individuals are being notified, and those who had Social Security numbers affected will be offered identity monitoring and protection services.
Details: The phishing attack occurred on Dec. 4, 2014, and Seton determined on Feb. 26 that employee email accounts subject to the phishing attempt contained personal health information.
Quote: “Seton launched an investigation into the matter, and the investigation has required electronic and manual review of affected e-mails to determine the scope of the incident,” according to a notification posted to the Seton website.
Source: seton.net, “Email Phishing Incident at Seton Family of Hospitals,” April 2015.