Clinic patients receive malware-infected emails due to vendor breach

A new data breach and malware incident reinforces the need for organizations to vet cybersecurity for their vendors, as well as themselves.

Some patients at the Cincinnati-based Mayfield Brain & Spine clinic received emails containing malware after an unauthorized person accessed the provider's account through an outside vendor, according to a statement on Mayfield's website. The vendor sends educational information, clinic announcements, newsletters and other Mayfield-related information to patients.

Those who received the fraudulent email were directed to download an attachment that triggered the download of a ransomware virus.

"Mayfield's first priority is always the well-being of our patients," Thomas Rosenberger, vice president of communications for Mayfield, said in statement. "Once we learned of the incident, we immediately communicated with recipients by email, by social media and on our website, including both notification and instructions on how to remove the virus."

The clinic has sent information to patients on how to remove the malware, begun to work with the vendor's compliance office to understand how the breach happened and reviewed its policies to protect against further misuse of patient information.

More articles on data breaches:

Google reports data breach affecting employees stemming from third-party benefits provider 
Calif. chiropractor burgled, warns 600 patients of potential data breach 
Not-so-sensitive data: The case for unprotected health information 

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Top 40 Articles from the Past 6 Months