On July 29, CTCA discovered suspicious activity on an employee’s email account. Upon investigation, the cancer center determined that an employee had fallen victim to a phishing attack that gave a hacker access to the account between July 22-30.
Patient data stored in the email included names, phone numbers, addresses, dates of birth, medical record numbers, health insurance information and/or medical information. No Social Security numbers or financial information was affected.
“We take our responsibility to safeguard personal information seriously and remain committed to protecting patient privacy and security. We are implementing security enhancements and continuing to educate our workforce about how to identify suspicious emails to help ensure this does not happen in the future,” a statement from CTCA said.
More articles on cybersecurity:
Why ransomware attacks against hospitals can be more severe than other businesses
Indiana hospital alerts 9,100 patients of data breach
FDA warns patients, providers of ‘urgent’ software vulnerabilities
