The phishing attack was noticed by Presbyterian Healthcare Services during June 6, 2019. The breach investigation showed the email accounts were infiltrated a month earlier, on or around May 9, 2019.
Upon identification of the breach, all impacted email accounts were secured to stop further access. A review of the compromised email accounts showed they included the protected health information (PHI) of 183,370 individuals. Compromised PHI was restricted to names, dates of birth, Social Security numbers, and clinical and health plan data. Affected people have been warned to check their statements from their providers and health plans for signs of misuse of their personal data.
Presbyterian Healthcare Services has put in place extra security measures to protect its email system and all employees will be required to undergo yearly cybersecurity training. Employees will also be issued with regular reminders about safeguarding PHI and addressing phishing scams.
Elsewhere, 27,004 patients of Reno, NV-based Renown Health are being made aware that some of their protected health information was saved on an unencrypted thumb drive that has been declared missing.
The device included information including patient names, diagnoses, medical record numbers, clinical information, dates of admission, and physician’s identities. The breach was restricted to patients who had been treated at Renown South Meadows Medical Center between January 1, 2012 and June 14, 2019.
The drive is thought to have gone missing on June 30, 2019. The employee who reported the device missing was questioned, and a thorough search was completed, but the portable storage device could not be found.
Renown Health is looking over its policies relating to the use of portable storage devices and will be retraining its employees on securing PHI.