The incident did not involve patients’ Social Security numbers, banking, credit card or insurance information. Billings Clinic’s financial and EHR systems were not compromised.
Upon discovering the incident, Billings Clinic immediately disabled access to the account and launched an investigation. Hospital officials also moved to enhance the security of the clinic’s email system.
The investigation revealed the hacker only obtained access to messages and attachments within the individual’s email account. Much of the compromised information was used for appointment scheduling between 2008 and 2011.
“Unfortunately, healthcare organizations across the nation are under constant attack by cyber criminals. We take the protection of our patients’ data very seriously,” Billings Clinic CIO Randy Thompson, MD, said in an emailed statement to Becker’s Hospital Review. “We are continuously enhancing our cybersecurity capabilities as these attacks become more prolific.”
More articles on cybersecurity:
Texas physician group notifies 18K of data breach after email hack
Tennessee health department exposes patient HIV statuses for 9 months
Healthcare is No. 3 fastest industry to fix vulnerabilities once discovered
