Oregon healthcare provider warns 25,000 patients of malware attack

Portland, Ore.-based Native American Rehabilitation Association of the Northwest began notifying patients Jan. 3 that their information may have been exposed in a data breach.

In November, the healthcare provider discovered that a limited number of staff had fallen victim to a phishing attack. The phishing emails contained the computer malware known as Emotet. The U.S. Department of Homeland Security notes that Emotet is a costly and destructive malware that has affected state, local and tribal governments as well as organizations in the private sector.

After an investigation, NARA determined that 344 current or former patients had their electronic records accessed without authorization or were at a greater risk of unauthorized access. Additionally, according to the Office for Civil Rights, 25,187 patients may have been affected.

Patient data that may have been exposed included names, addresses, dates of birth, Social Security numbers and medical record numbers. In some instances, clinical information, such as diagnoses, services or treatments, may have also been affected.

Since the phishing attack, NARA was able to remove the malware, restrict unauthorized access and had staff reset their passwords. Additional endpoint protections have also been installed to monitor for suspicious activity on computers.

More articles on cybersecurity:
Health systems should update computer systems in wake of Iran tensions, H-ISAC says
3 cybersecurity predictions for 2020
Former NYC hospital employee pleads guilty to hacking coworkers' emails

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Webinars

Featured Whitepapers