Hackers access email of Aultman Hospital, occupational medicine branch
Hackers used a phishing attack earlier this year to access several email accounts at Aultman Hospital in Canton, Ohio, along with its AultWorks occupational medicine division and 25 physician practices.
The organization, in reporting the incident, said the attack put at risk protected health information for about 42,600 patients.
An investigation that involved forensic specialists determined that access to the email accounts started in mid-February and continued until late March. “We confirmed that this incident did not involve access to the computers that store the electronic health records for Aultman patients,” the hospital told affected individuals in notification letters.
Compromised data included patient names, addresses, dates of birth, physical exam reports, medical histories, test results and, for some individuals, Social Security numbers or driver’s license numbers. So far, there is no indication that vulnerable data has been improperly used.
Also, individuals’ information could be at risk if any of their patient data was contained in emails exchanged by their employers in communication with the AultWorks occupational medicine division, the hospital noted.
When the incident was discovered, Aultman personnel reset account passwords and made them longer, and since then has added security features to email accounts and strengthened security monitoring procedures.
Affected individuals who may have had their Social Security numbers or driver license numbers compromised will receive one year of identity protection and resolution services from Experian. “This product helps detect possible misuse of an individual’s personal information and provides identity protection support focused on immediate identification and resolution of identity theft,” patients were informed.