More Than 1,300 DeKalb Health Patients' Information Compromised By Cyberattack, Phishing Scheme

Hacking incidents at Auburn, Ind.-based DeKalb Health have compromised the personal and health information of more than 1,000 of the system's patients.

On Feb. 12, DeKalb Health became aware a server controlled by a contract that operated DeKalb Health's website had been hacked. At that time, the health system discovered 17 of its patients who had utilized its online bill pay website had been affected by the breach. The affected patients' names, addresses, credit card numbers and Social Security numbers were potentially accessed by the hackers, according to the notification letter sent to those affected.

Shortly after discovering the bill pay website breach, DeKalb Health also discovered a fraudulent website — made to look like the health system's charity donation page — had been set up by the hackers. Using the fraudulent website, the hackers sent phishing emails to unknown individuals. DeKalb Health believes the phishing emails were sent to patients whose information was taken from the contractor's hacked server, according to the notification letter.  

To generate more traffic to the fraudulent page, the hackers also altered DeKalb Health's main website by inserting a link to the fraudulent donation page.

On March 27, DeKalb Health discovered information for an additional 24 patients was included on the contractor's hacked server. The affected patients' names, addresses, email addresses, dates of birth, hospital ID numbers, insurance information, Social Security numbers, telephone numbers and demographic information were contained on the compromised server, according to the notification letter.  

Subsequently, DeKalb Health discovered its database containing the information of 1,320 nursery babies was also contained on the hacked server. The babies' names, weights, lengths, dates of birth and parent names were on the server. The hackers also had access to passwords that would allow them to view the babies' information online, according to the notification letter.

As a result of the data breach, DeKalb Health has worked with the contractor to ensure the compromised server no longer contains DeKalb Health patients' information, and the health system is offering one year of free credit monitoring to all affected patients, according to the notification letter.

More Articles on Data Breaches:

Phishing Scam Compromises Information of 1,000 Centura Health Patients 
Boston Medical Center Vendor Posts 15,000 Patients' Information Online 
Seton Northwest Hospital Experiences Data Breach Following Device Theft 

 

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Featured Content

Featured Webinars

Featured Whitepapers