Fayetteville, Ark.-based Ozark Orthopaedics has notified 15,240 patients that their protected health information may have been exposed in a phishing attack.
In October, Ozarks Orthopaedics discovered unusual activity in its email system. After an investigation, the organization determined that four employees had fallen victim to phishing attacks.
Patient data that may have been exposed included names, treatment information, diagnosis information, prescription or medication information, health insurance information, Medicare/Medicaid identification numbers, Social Security numbers and financial account information.
Ozarks Orthopaedics said there is no evidence that patient data has been misused. The organization has taken steps to increase the security of its email system and reduce the chances of a similar incident from happening again.