A vendor that provides account receivable management services to Manchester, N.H.-based Catholic Medical Center has been affected by a cybersecurity breach that has impacted patient data.
On June 30, the vendor, Lamont Hanley & Associates, learned that an unauthorized party accessed and/or acquired certain files from its systems, according to an April 22 news release from the hospital. The unauthorized party gained access by using a phishing tactic that targeted an email employee account at Lamont Hanley.
On March 6, Lamont Hanley notified Catholic Medical Center that the unauthorized party was able to gain access to personal and health information related to its patients.
The vendor conducted an investigation into the breach, and, according to the press release, found no evidence of "specific data access or acquisition by an unauthorized party."
Despite this, it is not with 100% certainty that data within the account was not accessed or acquired by an unauthorized party, Catholic Medical Center wrote in the release.
The patient information potentially compromised includes names, Social Security numbers, dates of birth, medical and claim information, health insurance information, individual identification information, and financial account information.
Catholic Medical Center and Lamont Hanley & Associates are working together to notify the impacted individuals.