Breach at Washington state surgery center affects 2,393 patients

A successful phishing attack put the protected health information of nearly 2,400 patients of a Washington state surgery center at risk.

Executives at Southwest Washington Regional Surgery Center in Vancouver, Wash., on November 6 notified 2,393 patients that their protected health information had been breached via a phishing attack on one employee’s email account.

Executives say hackers potentially were able to access the account from May 27 to August 13 this year.

A forensic investigation and manual email review found that hackers could have accessed patients’ names, Social Security numbers, driver’s license numbers and medical information that could potentially include diagnosis, treatment, surgery, medications, lab tests, health insurance information and credit card numbers.

The breach did not affect all the surgery center’s patients, and there is not yet any indication that patient information has been misused, Southwest Washington told affected patients.

For patients whose Social Security or driver’s license numbers may have been compromised, the surgery center is offering credit monitoring and identity theft restoration services from an unnamed credit firm. All patients of the practice, which is part of the PeaceHealth delivery system serving Washington, Oregon and Alaska, have received information on protecting their records, obtaining a free credit report and placing a fraud alert or security freeze on their credit files.

After the breach, the organization updated passwords and enhanced email access protocols. Executives at Southwest Washington Regional Surgery Center did not respond to a request for additional information on the breach.