Indiana health system alerts 68,000 patients of data breach

Gary, Ind.-based Methodist Hospitals is notifying 68,039 patients that their protected health information may have been exposed in a data breach.

The health systems discovered unusual activity in an employee's email account in June. Upon investigation, Methodist Hospitals determined that two employees fell victim to a phishing attack. Collectively, the unauthorized third-party had access to the email accounts between March 13 and July 8.

Methodist Hospitals said there is no evidence that any patient information has been misused.

Patient data stored on the email accounts included names, addresses, health insurance information, group identification numbers, Social Security numbers, financial account numbers, payment care information, medical record numbers and treatment information.

The health system is recommending patients review account statements and explanation of benefits forms as well as monitor credit reports for any suspicious activity.

"We take this incident and the security of personal information in our care very seriously. Upon learning of this incident, we moved quickly to conduct an investigation, which included working with third-party forensic investigators, to confirm the nature and scope of the event. Additionally, while we have security measures in place to protect data in our systems, we are reviewing our existing policies and procedures and implementing additional safeguards to further protect information," Methodist Hospitals said in a statement.

More articles on cybersecurity:
8 hospitals, health systems hit by ransomware attacks
Cancer Treatment Centers of America alerts 3,200 patients of data breach
Why cyberattacks can be crippling to smaller hospitals

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Webinars

Featured Whitepapers