New York health system alerts patients of phishing attack

Lagrangeville, N.Y.-based Health Quest began notifying an undisclosed number of patients Jan. 10 that their information may have been exposed in a phishing attack.

In October, Health Quest ended its investigation of a phishing incident. The health system found that a number of employees had fallen victim to a phishing attack, resulting in staff being tricked into disclosing their credentials to an unauthorized third party.

Patient data that may have been exposed included names, dates of birth, Social Security numbers, Medicare claim numbers, driver's license numbers, provider names, dates of treatment, treatment and diagnosis information, health insurance plan member and group numbers, health insurance claims information, financial account information with security codes, and payment care information.

Health Quest has secured the email accounts that were compromised. The health system recommends patients review any statements they receive from their providers and health insurers. 

Health Quest is a part of Nuvance Health, a seven-hospital system in Hudson Valley, N.Y., and western Connecticut.

More articles on cybersecurity:
Health systems should update computer systems in wake of Iran tensions, H-ISAC says
3 cybersecurity predictions for 2020
Former NYC hospital employee pleads guilty to hacking coworkers' emails

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.