Colorado clinic notifies 23,000 patients after phishing incident

Julie Spitzer - Print  | 

Critical Care, Pulmonary and Sleep Associates in Lakewood, Colo., notified 23,377 patients about a potential exposure of their protected health information after an unauthorized individual gained access to an employee's email account.

Six things to know:

1. CCPSA learned on Nov. 23 that a cyberattacker had gained access to an employee's email account and sent phishing emails to individuals in the employee's electronic contacts.

2. The organization immediately launched an investigation into the incident, and determined the unauthorized user had accessed the email account between Aug. 14 and Nov.
23, 2018.

3. The investigation could not determine whether the hacker had viewed or copied patient data that was stored in the email account.

4. Personal data held in the email account included:

5. All employees were ordered to change their email account passwords Nov. 23, and CCPSA will be providing employees with mandatory security awareness training.

6. CCPSA is offering affected individuals one year of free credit-monitoring services.

More articles on cybersecurity:

5 Delaware health insurers hit in data breach
Insiders caused more than half of healthcare breaches in 2018: 4 notes
Alaska health department adds nearly 700,000 victims to breach count: 5 notes

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.