MedSpring Urgent Care alerts 13,000 about potential data access

Register now

An immediate care chain with sites in six metropolitan areas across the country is contacting patients after it was compromised in a phishing attack.

MedSpring Urgent Care, which also does business as Choice One Urgent Care, is notifying more than 13,000 affected individuals following a phishing scam that compromised protected health information. The chain operates more than 60 centers in Atlanta, Austin, Baltimore, Chicago Dallas/Fort Worth and Houston.

“On May 8, 2018, an employee was the victim of an email phishing scam that that we learned on May 17, 2018, may have resulted in unauthorized access to the employee’s email account,” MedSpring recently told patients in a notification letter. “Email phishing scams involve an attempt by an unauthorized individual to obtain sensitive information such as usernames and passwords by disguising as a trustworthy entity.”

Following discovery, access to the email account was blocked, and forensic specialists were engaged to assess the attack and determine if information had been accessed.

Also See: 7 keys to an effective anti-phishing program

Investigators say the attacker may have accessed data that could include patient names, account numbers, medical record numbers, and dates and services delivered.

MedSpring is not aware of unauthorized viewing or use of data and has given affected individuals information on how to protect their accounts and obtain credit reports.

The organization also is offering one year of identity protection and fraud resolution services from Experian. In addition, it’s implementing software to prevent phishing scams in the future.

MedSpring declined to provide additional information details about the incident.

For reprint and licensing requests for this article, click here.