Sunspire Health patient data at risk from email breach

Sunspire Health, a nationwide network of addiction treatment centers notified 6,737 patients and offered them credit and identity monitoring services after several employee email accounts were accessed in a phishing attack.

Between mid-April and mid-May, Sunspire learned that multiple employees fell victim to a phishing attack that compromised several email accounts. In a phishing attack, a hacker sends emails to individuals under a legitimate employee name and fools one or more recipients into revealing security information about the network.

Also See: Med Associates hit by hack, data of 270,000 compromised

After discovering the breach, the organization secured email accounts and contracted with forensic investigators to determine the potential scope of information obtained. The investigation found that one or more attackers accessed email accounts between March 1 and May 4.

Sunspire Health-CROP.png

Protected health information that may have been compromised includes patient names, dates of birth, Social Security numbers, treatment and diagnosis information, and health insurance information.

“To date, there is no evidence the information in the emails has been misused in any way,” the organization said in a statement.

In addition to the protective services offered to patients, Sunspire is distributed information on how patients can protect themselves against identity theft and fraud, how to receive a free copy of their credit reports and how to place a fraud alert or security freeze on their credit files.

For reprint and licensing requests for this article, click here.