Email Phishing scam leads to data breach

April 20th, 2015 by admin Leave a reply »

St. Vincent Medical Group, Inc. suffered data breach when approximately 760 patients’ PHI got exposed. Employee’s username and password was compromised because of an email phishing scam which resulted in to the incident. St. Vincent learned about the data breach on Dec. 3, 2014, and said that it “immediately shut down the username and password of the impacted account and launched an investigation into the matter.”

The affected information includes patient names, demographic information such as dates of birth and phone numbers, account numbers, and Social Security numbers in a few cases. Limited clinical information related to services patients received was also included.

“The investigation has required electronic and manual review of affected emails to determine the scope of the incident,” As per the statement.

As per the St.Vincent individual medical records and billing records were not accessed.

“St.Vincent Medical Group sincerely apologizes for any inconvenience this unfortunate incident may cause and assures all of its patients that the faith-based organization is taking appropriate measures to avoid an incident of this nature happening in the future,” the facility said.

St. Vincent mentioned that complimentary identity monitoring and protection services will be offered to patients whose Social Security number was exposed. It will also be providing further employee education on how to avoid phishing scams.

This is not the first time St.Vincent suffered data breach. Earlier, St. Vincent Breast Center mistakenly sent letters with patient information to the wrong addresses.

As per the previous statement:

“Please be assured that the Center is taking steps to mitigate this incident by notifying affected individuals through this substitute notice, media notice, and destroying all letters that have been returned,” St. Vincent said on its website. “The Center is also evaluating and making changes to its patient mailing processes internally and with external vendors to avoid an incident of this nature in the future.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Leave a Reply