In November, Lafayette Regional Rehabilitation Hospital discovered that an employee’s email account had been accessed by an unauthorized third party. Upon investigation, the hospital determined that the unauthorized user had access to the email account in July.
Patient data that may have been exposed included names, dates of birth, clinical information and treatment information. A limited number of Social Security numbers may have also been affected.
Lafayette Regional Rehabilitation Hospital said there is no evidence that patient information has been misused. The hospital is recommending patients review any statements they receive from healthcare providers.
“We deeply regret any concern or inconvenience this incident may cause our patients. To help prevent something like this from happening again, we are reinforcing education with our staff on email security and are working to enhance our email security tools,” Lafayette Regional Rehabilitation Hospital said in a news release.
More articles on cybersecurity:
Texas provider alerts 6,500 patients of phishing attack
Connecticut payer alerts 1,100 members of phishing attack
10 tips for hospitals to mitigate ransomware attacks
