Cancer Treatment Centers of America notifies 16,800 patients of another phishing attack

Mackenzie Garrity - Print  | 

Cancer Treatment Centers of America has learned that an email account of an employee at its Atlanta-based Southeastern Regional Medical Center was the target in a phishing attack that may have exposed 16,819 patients, according to the HIPAA Journal.

The phishing attack happened on March 10 after an employee provided network login credentials to the malicious email. CTCA was alerted to the breach the following day and changed the password of the employee's account.

Although the account was accessible for less than two days, the hacker may have been able to view patients' names, addresses, medical record numbers, government identification numbers, health insurance information and some medical information. No Social Security numbers or financial information was affected, reports the HIPAA Journal.

This is the second phishing attack to expose CTCA patients in the past six months. A December 2018 data breach exposed the protected health information of 41,948 patients.

Patients who were affected in the March 2019 data breach have been told to monitor their explanation of benefits statement and other account statements.

Editor's note: This stroy was updated on June 4. An orginial version of this article referred to Southeastern Regional Medical Center as Southern Regional Medical Center. 

More articles on cybersecurity:
Indiana EHR provider agrees to $900K HIPAA violation settlement with 16 states
With 350,000 malware discoveries daily, HP creates partnership to combat cyberattacks
8 HIPAA-related cases 2019

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

To receive the latest hospital and health system business and legal news and analysis from Becker's Hospital Review, sign-up for the free Becker's Hospital Review E-weekly by clicking here.