Urgent care provider notifies 13K to data breach

Julie Spitzer - Print  | 

Austin, Texas-based MedSpring Urgent Care, which operates urgent care centers in five Midwestern and Southern states, is notifying 13,034 patients seen at its Illinois facilities about a potential data breach resulting from an employee who fell victim to an email phishing scam May 8.

Immediately after discovering the attack May 17, MedSpring blocked the unauthorized third party's access to the email account and launched an investigation into the attack. The investigation determined information stored in the compromised email account may have included patients' names, account numbers, medical record numbers, and dates of medical services received.

MedSpring doesn't have any evidence the information was viewed or misused, but it is providing affected individuals one year of free identity protection and fraud resolution services.

"We take the protection of our patients' information very seriously and have taken steps to prevent a similar incident from occurring in the future, including the implementation of additional technological security features designed to prevent future phishing scams," the organization said in a notice.

More articles on cybersecurity:

HIPAA through the years: 5 biggest fines since 2008
Flaw in medical devices might allow hackers to change patient vital signs, McAfee finds
Telemedicine vendor exposes data from 2M patients in Mexico

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

To receive the latest hospital and health system business and legal news and analysis from Becker's Hospital Review, sign-up for the free Becker's Hospital Review E-weekly by clicking here.