Phishing attack on Ohio medical center exposes 155,000+ patients' PHI 

Jackie Drees - Print  | 

Five Rivers Health Centers in Dayton, Ohio, recently began notifying 155,748 patients that their protected health information had been exposed for two months due to an email phishing attack. 

Five Rivers Health Centers reported the breach to HHS on May 28 as affecting 155,748 individuals. In a security incident notice, the health center said it discovered that employee email accounts were accessed between April 1, 2020 and June 2, 2020 by an unauthorized user. 

The accounts contained patients' personal and protected health information including names, birth dates, addresses, medical record numbers, lab results, prescription details and health insurance details. A limited number of individuals' Social Security numbers, financial account numbers, payment card numbers and driver's license numbers were also exposed. 

Five Rivers is giving free credit monitoring services to patients whose Social Security numbers were exposed, and the health center said it is improving internal procedures to identify and reduce future cyber threats, including implementing two-factor authentication and revising employee cybersecurity training.

Copyright © 2021 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.