The Oregon Clinic in Portland is notifying an undisclosed number of patients their protected health information may have been compromised when an unauthorized third party gained access to one of the clinic's email accounts.
The clinic discovered the intrusion March 9 and immediately disabled the unauthorized access to the account. It launched an investigation into the incident, which determined April 19 that PHI — including names, dates of birth and certain medical information such as medical record numbers, diagnosis information, medical condition, diagnostic tests performed, prescription information, and health insurance information — may have been affected. A small group of patients may have had their Social Security numbers compromised.
The Oregon Clinic offered affected individuals one free year of credit and/or identity monitoring services through Experian. The clinic is also recommending patients review their account statements and credit reports for suspicious activity.
Becker's Hospital Review reached out to The Oregon Clinic for comment. This story will be updated as more information becomes available.
More articles on cybersecurity:
15 healthcare privacy incidents in April
Ransomware infects computers at Center for Orthopedics Specialists; clinic notifies 85k
Transcription service MEDantex leaks medical records