Kaleida Health reports 2nd phishing attack in 2 months

Buffalo, N.Y.-based Kaleida Health began notifying affected patients about a phishing incident Aug. 25.

Kaleida Health officials on June 26 discovered an unauthorized individual may have accessed an employee's email account. Officials immediately hired an outside computer forensic firm to investigate the incident.

The investigation determined the unauthorized individual may have gained access to a small number of Kaleida Health email accounts, which may have included patient names, medical record numbers and diagnoses, among other information.

Officials reported 744 individuals were affected in the incident, according to an Aug. 25 submission to HHS' Office for Civil Rights breach portal.

There is no evidence patient information has been misused, according to Kaleida Health officials. However, officials are offering credit monitoring services to patients whose Social Security numbers may have been exposed.

The notification follows a separate security incident, in which Kaleida Health officials began notifying 2,789 patients July 21. In the earlier incident, hospital officials learned an unauthorized third party may have accessed one of its employee's email accounts May 24, also after a phishing attack.

Click here to view the full notice.

Editor's note: Becker's Hospital Review reached out to Kaleida Health for comment and will update as more information becomes available.

More articles on cybersecurity:
Third-party security flaw exposes information of nearly 9k Silver Cross patients
Microsoft: New email spam sends users to tech support scam websites
Uber enters settlement after FTC alleges deceptive data privacy claims: 6 things to know

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Top 40 Articles from the Past 6 Months