The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Phishing Attack on Presbyterian Healthcare Services Exposed PHI of 183,000 Patients

Posted By on Aug 26, 2019

The Albuquerque, NM-based not-for-profit health system, Presbyterian Healthcare Services, has experienced a phishing attack that saw the email accounts of several employees subjected to unauthorized access.

The phishing attack was discovered by Presbyterian Healthcare Services on June 6, 2019. The breach investigation revealed the email accounts were compromised a month previously, on or around May 9, 2019.

Upon discovery of the breach, all affected email accounts were secured to prevent further access. An analysis of the compromised email accounts revealed they contained the protected health information (PHI) of 183,370 individuals. Compromised PHI was limited to names, dates of birth, Social Security numbers, and clinical and health plan information. Affected individuals have been advised to check their statements from their providers and health plans for signs of misuse of their personal information.

Presbyterian Healthcare Services has implemented additional safeguards to protect its email system and all employees will be required to undergo annual cybersecurity training. Employees will also be sent regular reminders about safeguarding PHI and avoiding phishing scams.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Lost Thumb Drive Contained PHI of 27,000 Renown Health Patients

27,004 patients of Reno, NV-based Renown Health are being notified that some of their protected health information was saved on an unencrypted thumb drive that has been declared lost.

The device contained information such as patient names, diagnoses, medical record numbers, clinical information, dates of admission, and physician’s names. The breach was limited to patients who had received inpatient services at Renown South Meadows Medical Center between January 1, 2012 and June 14, 2019.

The drive is believed to have been lost on June 30, 2019. The employee who reported the device missing was questioned, and a thorough search was conducted, but the portable storage device could not be located.

Renown Health is reviewing its policies concerning the use of portable storage devices and will be reeducating its employees on safeguarding PHI.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist