Employees at Akron, Ohio-based Summa Health were targets in phishing attacks in August 2018 and March 2019, according to Akron Beacon Journal.
Summa Health discovered that an unauthorized third party had gained access to employee email accounts on May 1. Upon investigation, the health system learned that employees had fallen victim to three separate phishing attacks.
The email accounts contained patient information, including names, dates of birth, medical record or account numbers, and clinical/treatment information. Some patients' Social Security numbers and driver's license numbers were also in the accounts.
Summa Health is unaware if patient information was viewed or accessed. There have been no reports of data misuse.
The health system sent letters on June 28 to 500 patients who were potentially affected. Summa Health has set up a call center for patients and is offering those affected free credit monitoring and protection services.
"To help prevent something like this from happening in the future, Summa Health is reinforcing employee training on privacy and security and is instituting additional security measures throughout the health system," Summa Health said in a statement.
More articles about cybersecurity:
UMass Memorial Health Care alerts 4,600 patients of phishing attack
Cybersecurity issue and trends on the horizon: 3 Qs with Edward Elmhurst Healthcare CISO Don Fosen
Don’t overlook cybersecurity training — Why Lake Chelan Community Hospital CIO created his own cyber program