Emails were sent to hospital employees containing a malicious link. If employees clicked on the malicious link, they were directed to a website that asked them to enter their email credentials. The hacker then gained access to their email accounts.
An investigation found the hacker’s emails were sent in November. A review of the incident was completed Feb. 19, revealing the protected health information of 23,811 patients had been exposed, the HIPAA Journal reports.
Patients’ names and treatment or consultation information was affected. A limited number of emails contained health insurance information, Social Security numbers or financial information.
More articles on cybersecurity:
Facebook is a hotbed for cybercriminal groups
VA medical center inadvertently shares 4,000+ patients’ health information
Texas hospitals record most cyberattacks in US
