There are a number of healthcare providers that lately reported phishing attacks namely Munson Healthcare, Jefferson Dental Care Healthcare Management and Tennessee Orthopaedic Alliance.
Phishing Attack on Munson Healthcare
Munson Healthcare located in Traverse City, MI found out that unauthorized persons have obtained access to several employees’ email accounts. Third-party computer forensic professionals assisted Munson Healthcare to confirm the suspicious access of the email accounts from July 31, 2019 to October 22, 2019.
Right after checking the impacted email accounts on January 16, 2020, it was affirmed that the email accounts comprised the names of patients, birth dates, insurance details, and treatment and diagnostic details. The accounts additionally included some driver’s license numbers, financial account numbers, and Social Security numbers.
Free credit monitoring services were given to persons whose Social Security numbers were probably exposed. Munson Healthcare is going to employ more technical safety controls to stop comparable breaches later on.
PHI of 45,748 Jefferson Dental Care Healthcare Management Patients Compromised
Jefferson Dental Care Healthcare Management based in Dallas, TX found out that an unauthorized person obtained access to the email account of one employee from July 21, 2019 to Aug. 26, 2019.
The dental care provider noticed odd activity in the email account approximately on October 19, 2019 and protected the account without delay. On December 10, 2019, JDH Healthcare Management confirmed that the PHI of 45,748 patients were in the email account. Though there’s no proof discovered to signify the attacker viewed patient data, it is likely that names, birth dates, addresses, healthcare treatment data, medical histories, medical insurance details, payment data, medical record numbers, and patient numbers might have been exposed. JDH Healthcare Management made available free credit monitoring and identity protection services to impacted patients.
JDH Healthcare Management is looking at its policies and procedures and put in place extra safety measures to strengthen email security.
Phishing Attack on Tennessee Orthopaedic Alliance
Tennessee Orthopaedic Alliance (TOA) learned that unauthorized people have accessed two personnel email accounts. TOA discovered the data breach on October 18, 2019 after noticing odd activity in the email account of one employee. The account was promptly made secure, and third-party computer forensics professionals were hired to check out the breach. The investigation uncovered another email account was compromised as well and unauthorized persons accessed the accounts from August 16, 2019 to October 14, 2019.
On January 3, 2019, TOA established that the breached email accounts included names, addresses, telephone numbers, birth dates, health insurance data, Social Security numbers, diagnostic details, treatment data, and treatment expenses.
Patients were advised concerning the breach on February 14, 2019. People whose Social Security numbers were probably compromised got free credit monitoring and identity theft protection services. Even though the attackers might have viewed the PHI in the email accounts, TOA didn’t see any proof that suggests the improper use of patient data.
It is mentioned in the HHS’ Office for Civil Rights breach site that the attack impacted 81,146 patients.