CVMC learned about the phishing attack Aug. 13 and immediately took steps to secure the affected accounts. On Aug, 24, an investigation into the incident determined some patient information was included in the three accounts, including names, dates of birth, treatment and procedure information, and health insurance information. A limited number of patients’ Social Security numbers were also compromised.
The hospital doesn’t believe the patient information has been misused. In addition to the notification letters, CVMC officials also established a dedicated call center to answer patient questions about the incident.
“To help prevent something like this from happening in the future, we have hired security experts to enhance our employee education; we have implemented tighter e-mail controls; and we continue to upgrade our hardware and software platforms to combat these malicious threats,” reads a statement on the organization’s website.
More articles on cybersecurity:
HITRUST rolls out program to help startups with privacy, security
HHS updates security risk assessment tool
5 things to know about IBM’s mobile cybersecurity training program
