An employee of a Houston area health clinic responded to a phishing email that allowed unauthorized access to thousands of patients' information in the email account, the health system running the clinic said.
Four things to know:
1. The Legacy Community Health Services employee responded to the phishing email, thinking it was a legitimate request, and gave an authorized person access to the email account April 10- 16, Legacy said. The system learned of the breach on April 16 and immediately secured the account.
2. The health system is reviewing the email account's contents to identify patients whose information was exposed in the breach. The email account included patient names, dates of service and related healthcare information.
3. Legacy, a full services federally qualified health center with clinics across Houston and the surrounding area, reported to HHS that there were 19,000 individuals affected by the breach.
4. The health system will notify affected patients, according to a statement about the incident on Legacy's website. The system said it does not have evidence that patient information was misused.
More articles on cybersecurity:
UnityPoint Health to pay $2.8M+ settlement over phishing attacks: 6 details
10 health system malware, ransomware and phishing incidents this month
UF Health business associate email hack exposes info of health plan members