A California-based cancer research and treatment center mentioned that some patient suffered data breach due to a phishing attack. According to the reports, four staff members had their email accounts accessed by an unauthorized party due to a phishing attack. Out of four, three accounts included emails that contained PHI, such as patient names, medical record numbers, dates of birth, addresses, email addresses, telephone numbers and some clinical information such as diagnoses, test results and dates of service.
“It does not appear that the phishing attack targeted protected health information; instead, it appears the accounts were accessed for the purposes of sending spam emails to other individuals,” the statement explained. “City of Hope is sending notification letters to the affected patients, and is taking all appropriate steps to mitigate any potential harm to affected individuals.” City Hope mentioned that only patients name and medical record number were affected for most.
Only one patient’s information which included Social Security numbers and financial information was affected. The statement failed to disclose how many individuals were potentially affected. “City of Hope took prompt action to secure the email accounts and end the intrusion,” the center stated. “In addition to notifying local law enforcement, City of Hope retained a leading forensic information technology firm to assist with its investigation of the incident, to evaluate its systems and processes and further strengthen its safeguards to protect against such attacks.”
Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.