There are several healthcare organizations that recently reported phishing attacks namely Tennessee Orthopaedic Alliance, Jefferson Dental Care Healthcare Management, and Munson Healthcare.
Phishing Attack on Tennessee Orthopaedic Alliance
Tennessee Orthopaedic Alliance (TOA) found out that unauthorized persons have accessed two employees’ email accounts. TOA knew about the breach on October 18, 2019 after detecting unusual activity in the email account of an employee. The account was quickly secured, and third-party computer forensics specialists were called in to look into the breach. The investigation showed a second email account was likewise compromised and unauthorized people accessed the accounts between August 16, 2019 and October 14, 2019.
On January 3, 2019, TOA confirmed that the compromised email accounts stored names, addresses, phone numbers, dates of birth, medical insurance information, Social Security numbers, diagnostic data, treatment information, and treatment fees.
Patients were informed regarding the breach on February 14, 2019. Those whose Social Security numbers were possibly compromised received complimentary credit monitoring and identity theft protection services. Although the attackers could have accessed the PHI in the accounts, TOA did not find any evidence that indicates the misuse of patient information.
It is indicated in the HHS’ Office for Civil Rights breach portal that the attack affected 81,146 patients.
PHI of 45,748 Jefferson Dental Care Healthcare Management Patients Exposed
Jefferson Dental Care Healthcare Management located in Dallas, TX learned that an unauthorized individual got access to the email account of an employee from July 21, 2019 to Aug. 26, 2019.
The dental care provider detected suspicious activity in the email account roughly on October 19, 2019 and secured the account quickly. On December 10, 2019, JDH Healthcare Management established that there were 45,748 patients’ PHI in the account. Although there is no evidence found to suggest the attacker accessed patient information, it is probable that names, dates of birth, addresses, medical treatment details, medical histories, health insurance data, payment information, patient numbers, and medical record numbers may have been compromised. JDH Healthcare Management offered complimentary credit monitoring and identity protection services to affected patients.
JDH Healthcare Management is going over its policies and procedures and implemented additional safeguards to improve email security.
Phishing Attack on Munson Healthcare
Munson Healthcare based in Traverse City, MI discovered that unauthorized people have acquired access to some employees’ email accounts. Third-party computer forensic specialists helped Munson Healthcare to determine the unauthorized access of the email accounts between July 31, 2019 and October 22, 2019.
After reviewing the affected email accounts on January 16, 2020, it was confirmed that the accounts contained the names of patients, dates of birth, insurance data, and treatment and diagnostic data. The accounts likewise comprised a limited number of driver’s license numbers, financial account numbers, and Social Security numbers.
Complimentary credit monitoring services were offered to people whose Social Security numbers were possibly compromised. Munson Healthcare will implement additional technical safety measures to avert the same breaches in the future.