Bellevue, Wash.-based Overlake Medical Center & Clinics, a 364-bed nonprofit community hospital, began alerting 109,000 patients Feb. 7 that their information may have been exposed in a phishing attack.
In December 2019, the hospital discovered that a limited number of employees had fallen victim to a phishing attack. Upon investigation, Overlake Medical Center & Clinics determined that the unauthorized third party had access to the email accounts between Dec. 6-9, 2019.
Patient data that may have been stored in the email accounts and possibly exposed included names, dates of birth, phone numbers, addresses, health insurance information, diagnoses and treatment information.
Overlake Medical Center & Clinics said there is no evidence that patient information has been misused. Since the incident, employee passwords have been reset and additional safeguards, such as multifactor authentication and email retention policies, have been implemented.
"We sincerely regret any concern or inconvenience this incident may cause our patients," said Overlake Medical Center & Clinics in an online statement. "To help prevent something like this from happening in the future, Overlake Medical Center & Clinics has implemented additional security measures to protect its systems and prevent similar situations from happening in the future."