Sunspire Health, a nationwide network of addiction treatment facilities, is notifying an undisclosed number of individuals and offering them credit and identity monitoring services after several employee email accounts were accessed in a phishing attack.
While the size of the Sunspire attack is not yet publicly known, the incident soon will be posted on the HHS Office for Civil Rights data breach web site.
Between mid-April and mid-May, Sunspire learned that multiple employees fell victim to a phishing attack that compromised several email accounts. In a phishing attack, a hacker sends emails to individuals under a legitimate employee name and fools one or more recipients into revealing security information about the network.
After discovering the breach, the organization secured email accounts and contracted with forensic investigators to determine the potential scope of information obtained. The investigation found that one or more attackers accessed email accounts between March 1 and May 4.
Protected health information that may have been compromised includes patient names, dates of birth, Social Security numbers, treatment and diagnosis information, and health insurance information.
“To date, there is no evidence the information in the emails has been misused in any way,” the organization said in a statement.
In addition to the protective services offered to patients, Sunspire is distributing information on how patients can protect themselves against identity theft and fraud, how to receive a free copy of their credit reports and how to place a fraud alert or security freeze on their credit files.
Register or login for access to this item and much more
All Health Data Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access