Phishing Attack on Presbyterian Healthcare Services Exposed PHI of 183,000 Patients
The Albuquerque, NM-based not-for-profit health system, Presbyterian Healthcare Services, has experienced a phishing attack that saw the email accounts of several employees subjected to unauthorized access.
The phishing attack was discovered by Presbyterian Healthcare Services on June 6, 2019. The breach investigation revealed the email accounts were compromised a month previously, on or around May 9, 2019.
Upon discovery of the breach, all affected email accounts were secured to prevent further access. An analysis of the compromised email accounts revealed they contained the protected health information (PHI) of 183,370 individuals. Compromised PHI was limited to names, dates of birth, Social Security numbers, and clinical and health plan information. Affected individuals have been advised to check their statements from their providers and health plans for signs of misuse of their personal information.
Presbyterian Healthcare Services has implemented additional safeguards to protect its email system and all employees will be required to undergo annual cybersecurity training. Employees will also be sent regular reminders about safeguarding PHI and avoiding phishing scams.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Lost Thumb Drive Contained PHI of 27,000 Renown Health Patients
27,004 patients of Reno, NV-based Renown Health are being notified that some of their protected health information was saved on an unencrypted thumb drive that has been declared lost.
The device contained information such as patient names, diagnoses, medical record numbers, clinical information, dates of admission, and physician’s names. The breach was limited to patients who had received inpatient services at Renown South Meadows Medical Center between January 1, 2012 and June 14, 2019.
The drive is believed to have been lost on June 30, 2019. The employee who reported the device missing was questioned, and a thorough search was conducted, but the portable storage device could not be located.
Renown Health is reviewing its policies concerning the use of portable storage devices and will be reeducating its employees on safeguarding PHI.