12,000 get credit protection after phishing attack
Data at Valley Professionals Community Health Center was accessed in November through the hack of an employee’s email account.
Executives of the healthcare organization, which operates six sites and a mobile health center in Indiana, on November 27 became aware of suspicious activity in an employee’s email account. A data forensics firm determined the attacker had access to data from October 26 to November 27.
In mid-December, Valley Professionals determined the hacker may have had access to 18 pieces of PHI including Social Security numbers and a small number of bank accounts, routing numbers, health insurance group numbers and member numbers.
“The type of information affected varies per impacted individual,” the organization told 12,000 affected patients in a notification letter. “Although we cannot confirm that any individual’s personal information was actually accessed, viewed or acquired without permission, we are providing this notice out of an abundance of caution. While our investigation is ongoing, we do not currently have any evidence of actual or attempted misuse of patient information as a result of this incident.”
At the time the breach was discovered, Valley Professionals changed the affected email account password and notified other employees to be aware of suspicious emails. Now, the organization is implementing additional safeguards and providing training to the workforce to avoid similar incidents reoccurring.
The organization did not immediately respond to requests for additional information.