Phishing Attack on Chase Brexton Health Care Potentially Impacts 16,500 PHI

October 24, 2017 James Keogh HIPAA News

Phishing is probably the biggest data security threat that healthcare organizations have to face today. In the past few weeks, several phishing attacks on healthcare organizations had been reported. One of which was really serious having a potential of affecting 16,562 patients. The phishing attackers hit Chase Brexton Health Care on August 2 and August 3, 2017. Several employees received phishing emails that take the form of fake invoices and bogus notifications of package delivery with survey offers.

Four employees unaware of the scam took the surveys. They were directed to a page requiring them to enter their login information after the survey.  By logging in, they divulged their user account details. The management discovered the phishing attack on August 4 and blocked the employees’ access to their accounts. But before access was denied, the attackers have already re-routed employee payments to their own bank account.

It seemed that the phishing attack was not directed at gaining or stealing patient information. However, it is possible that some PHI were viewed or stolen. As a protocol, Chase Brexton Health Care notified its patients about the breach letting them know that PHI access is not suspected. Still, the company offered their patients free identity theft protection services. Potentially compromised information include names, birth dates, addresses, patient ID numbers, visit descriptions, provider name, service location, line of service, diagnosis codes, medication details and insurance info.

The investigators have accessed the bank account details of the phishing attackers but they have not yet identified the individuals behind the attack. Investigation by a third-party is still ongoing. Chase Brexton Health Care changed the passwords of the compromised accounts to block further access of the attackers. In addition, they implemented a new email spam filtering system to guard against future attempts of phishing. The employees were also given additional training on security protocols to avoid the occurrence of the same incident.

About James Keogh 144 Articles
James Keogh has been writing about the healthcare sector in the United States for several years. With several years of covering healthcare topics, he has developed expertise in HIPAA-related issues, including compliance, patient privacy, and data breaches. His work is known for its thorough research and accuracy, making complex legal and medical information accessible . James's articles are valuable resources for healthcare professionals and have been featured in reputable publications. You can follow James on Twitter https://x.com/JamesKeoghHIPAA and contact James on LinkedIn https://www.linkedin.com/in/james-keogh-89023681.
Twitter LinkedIn