An unauthorized individual pretended to be an executive at New York City-based VillageCare Rehabilitation & Nursing Center to gather information on patients.
The hacker was able to trick an employee into sending information on patients. After VCRN learned of the phishing incident, officials began investigating the incident with the help of a third-party forensic specialist.
VCRN is notifying 674 patients that their information may have been exposed. Patient data that might have been sent to the unauthorized person included names, dates of birth, insurance information, provider names and identification numbers. VCRN said there is no evidence that patient information has been misused.
"We take this incident and security of personal information in our care seriously. We moved quickly to investigate and respond to this incident, assess the security of relevant VCRN systems, and notify potentially affected individuals. This response included reviewing and enhancing our existing policies and procedures. We reported this incident to law enforcement and regulatory authorities," said VCRN in a news release.