Hospitals and health systems had to juggle various cyberattacks, with phishing schemes being one of the most common. Below is a list of 21 notable phishing attacks this past year on healthcare organizations.
1. Greenly, Colo.-based Sunrise Community Health notified an undisclosed number of patients about a security incident that may have exposed their protected health information.
2. Rocky Hill, Conn.-based Starling Physicians mailed letters to an undisclosed number of patients Nov. 12 about a security incident that may have exposed patient information.
3. Albuquerque, N.M.-based Presbyterian Health Plan was notified by its managed care company vendor Magellan Health that more than 56,000 patients may have had their protected health information exposed in a phishing attack.
4. A limited number of employees at University of Cincinnati Health were targets in a phishing attack that may have exposed patients' protected health information.
5. Bonita Springs, Fla.-based NCH Healthcare System investigated a data breach after 73 employees fell victim to a phishing attack.
6. Macon, Ga.-based Navicent Health notified 1,400 patients that their information may have been exposed in a data breach.
7. Vinton, Iowa-based Virginia Gay Hospital alerted an unknown number of patients about a phishing attack that may have exposed their protected health information.
8. Around 3,200 Ann Arbor-based Michigan Medicine employees were targets in a phishing attack. Of those employees, three responded to the phishing emails, which may have exposed patient information.
9. Two employees at Columbia-based University of Missouri Health Care were targets of a phishing attack that gave an unauthorized third-party access to the email accounts between April 23 and May 1.
10. An employee of Los Angeles County Department of Health Services contractor Nemadji Research Corp. fell victim to a phishing attack in March that exposed 14,591 L.A. County patients' personal information.
11. Employees at Akron, Ohio-based Summa Health were targets in phishing attacks in August 2018 and March 2019.
12. UMass Memorial Health Care's behavior health service in Worcester sent letters to 4,598 patients notifying them of an April 18 data breach.
13. Nine employees within Oregon's Department of Human Services opened a phishing email on Jan. 8 that may have exposed around 645,000 people.
14. Cancer Treatment Centers of America learned that an email account of an employee at its Atlanta-based Southeastern Regional Medical Center was the target in a phishing attack that may have exposed 16,819 patients.
15. Centennial, Colo.-based Centura Health notified 7,515 patients last week that their information may have been exposed due to a phishing attack.
16. A phishing attack on an employee's email account at Oregon State Hospital may have exposed patients' protected health information.
17. Columbia, S.C.-based Palmetto Health, now known as Prisma Health, was targeted in a phishing attack that may have put the information of 23,000 patients at risk.
18. Springfield, Mass.-based Baystate Health notified about 12,000 patients of a Feb. 7 phishing attack.
19. Rutland (Vt.) Regional Medical Center mailed letters to an undisclosed number of affected patients notifying them of a recent data breach.
20. Memorial Hospital at Gulfport (Miss.) sent letters to roughly 30,000 patients Feb. 15 notifying them of a data breach.
21. Pawnee City, Neb.-based Pawnee Country Memorial Hospital notified 7,175 patients that some of their protected health information may have been exposed when a hospital employee was tricked by a phishing email in November 2018.