Fort Worth, Texas-based MHMR of Tarrant County began notifying 6,524 patients that their information may have been exposed in a phishing attack.
In December, MHMR determined that a limited number of employees had fallen victim to an email scheme. Upon investigation, the group discovered that the email accounts had been accessed by an unauthorized third party between Oct. 14-16, 2019.
Patient data that may have been exposed included names, Social Security numbers, driver's license numbers and limited information about the care they had received.
After discovering the unauthorized access, MHMR secured the email accounts. While MHMR is unsure if patient data was accessed, there is no evidence that patient information has been misused. MHMR is recommending patients review any statements they receive from their healthcare providers.
"We deeply regret any concern or inconvenience this incident may cause our clients. To help prevent something like this from happening again, we are implementing additional email security, we are reinforcing education with our employees on how to identify and avoid phishing emails, and we are actively engaged in enhancing our security infrastructure and systems," said MHMR in a news release.