Patients of Onco360 and CareMed Specialty Pharmacy have been notified that the PHI of 53,173 patients has been compromised due to a phishing attack.
A security breach was discovered on November 14, 2017, when suspicious activity involving an member of staff’s email account was uncovered.
Following the discovery third party computer forensics experts conducted an investigation to determine the manner and extent of the breach. It was reported, on November 30, that the breach involved the email accounts of three members of staff.
An examination of the emails contained in those accounts revealed some messages had the PHI of patients attached, which may have been accessed and downloaded by the hacker.
The information potentially obtained included identity details, demographic information, clinical information, details of medications prescribed by the pharmacy, Social Security numbers, and health insurance credentials. A restricted number of patients may also have had some financial information obtained.
There has been nothing uncovered to suggest any protected health information has been misused, although clients have been asked to use extreme caution and check their credit reports, billing statements, and Explanation of Benefit statements for any sign of fraudulent operations. Affected individuals have also been offered free credit monitoring and identity theft protection services through ID Experts for the next 12 months.
This particular security breach appears to have come about after employees opened phishing emails. All members of staff have now been given more training to assist them recognize these malicious emails and email security safeguards have been strengthened to prepare for further attacks.