Carle Foundation in the US state of Illinois has confirmed that a phishing incident was at the root of a data breach the healthcare body suffered in the summer of this year.
Carle Foundation Hospital, which comprises three hospitals in Urbana, Illinois, stated that an individual without authorisation obtained access to the email accounts of three Carle doctors.
The accounts were immediately secured and an investigation was launched in partnership with a leading cyber-security firm to help identify which information had been compromised in the attack.
The probe found that items of patients’ personal information were held in the affected accounts, some of which may have included patient names, health records, birth dates and clinical information such as diagnosis and treatment plans. Patient social security numbers and financial data were not caught up in the incident, it is believed.
In response to the breach, a press release issued by Carle said that the incident only impacted upon “certain patients that received cardiology or surgery services at Carle.”
“We have no indication the unauthorised person used patient information in any way or viewed the emails containing patient information,” noted a press release.
Immediately after the breach, Carle Foundation Hospital promptly reached out to potential victims, stating:
“In an abundance of caution, we mailed letters to affected patients on August 16, 2019, and established a dedicated call center to answer questions.
“We recommend patients review the statements they receive from their healthcare providers. If they see services they did not receive, please contact the provider immediately.
“We deeply regret any inconvenience or concern this incident may cause you. To help prevent something like this from happening in the future, we are enhancing our email security and providing additional employee training,” the email added.
The post #privacy: US hospital confirms data breach was down to phishing attack appeared first on PrivSec Report.