Indiana health center alerts patients of October phishing attack

Valley Professionals Community Health Center, a federally qualified health center headquartered in Cayuga, Ind., is notifying patients of a potential data breach involving their protected health information.

Six things to know:

1. VPCHC discovered suspicious activity on an employee email account Nov. 27.

2. It immediately launched an investigation, which determined an unauthorized third party had access to the email account dating back to Oct. 26.

3. Health center officials were unable to determine which individual emails stored in the account may have been opened. Potentially compromised information includes:

  • Names
  • Addresses
  • Social Security numbers
  • Dates of birth
  • Diagnosis, procedure or treatment information
  • Provider information
  • Patient identification numbers
  • Medical record numbers
  • Information regarding payment

4. For a limited amount of patients, bank account information, routing numbers, health insurance group numbers and member numbers may have also been compromised.

5. VPCHC's investigation is ongoing, but officials do not have any evidence that the hacker has misused patient information held in the email account. As a precaution, the health center is offering affected individuals free credit monitoring services.

6. As of Feb. 1, information regarding the data breach has not yet been posted to the HHS' Office for Civil Rights breach portal, which requires HIPAA-covered entities to report data breaches affecting 500 or more individuals.

More articles on cybersecurity:

Medical images especially vulnerable to alterations during cyberattacks, researchers say
Florida OB-GYN practice hit with ransomware, affecting files dating back to 2007
8 healthcare privacy incidents in January

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Webinars

Featured Whitepapers