The hospital discovered June 24 that three employees had fallen victim to a phishing attack. Upon investigation, Carle determined only patients that received cardiology or surgery services were affected.
Patient data that may have been exposed included names, medical record numbers, dates of birth and clinical information. No Social Security numbers or financial information were affected.
There has been no evidence that any patient information has been misused. However, Carle is recommending patients review any statements from their providers.
More articles on cybersecurity:
Allegheny Health Network warns patients of ‘phone number spoofing’
MUSC Health nurse posted unauthorized photo of infant patient on social media
14 healthcare privacy incidents in August
