One hacked email account leads to PHI risk for 1,200
Five-hospital MultiCare Health System, serving the Tacoma, Wash., metropolitan area, is notifying about 1,200 individuals after the email account of one employee was hacked.
The organization learned of the attack in late November. As cyberattacks in the healthcare industry have increased, providers often learn that they have been hit when a law enforcement agency investigating one breach discovers other organizations have also been affected.
Protected health information that may have been compromised includes names, dates of birth, addresses, gender, dates of service, account balances, and diagnoses and treatment information.
Financial information and Social Security numbers were not accessed, and a media notice from MultiCare did not mention whether the system would provide protective services for affected consumers. The organization said it has no evidence that any information has been accessed or misused, but cautioned patients to review their explanation of benefit statements for irregularities.
MultiCare now is re-educating employees on security precautions including how to recognize “phishing” emails that appear to be legitimate but launch malware when clicked on. The company did not respond to a request for additional information.