Immediately after discovering the attack May 17, MedSpring blocked the unauthorized third party’s access to the email account and launched an investigation into the attack. The investigation determined information stored in the compromised email account may have included patients’ names, account numbers, medical record numbers, and dates of medical services received.
MedSpring doesn’t have any evidence the information was viewed or misused, but it is providing affected individuals one year of free identity protection and fraud resolution services.
“We take the protection of our patients’ information very seriously and have taken steps to prevent a similar incident from occurring in the future, including the implementation of additional technological security features designed to prevent future phishing scams,” the organization said in a notice.
More articles on cybersecurity:
HIPAA through the years: 5 biggest fines since 2008
Flaw in medical devices might allow hackers to change patient vital signs, McAfee finds
Telemedicine vendor exposes data from 2M patients in Mexico
