Sunrise Community Health and Katherine Shaw Bethea Hospital Suffer Phishing Attacks

Evans, CO-based Sunrise Community Health has learned that the email accounts of several staff members were compromised due to employees responding to phishing emails. The email accounts were accessed by unauthorized people between September 11, 2019 and November 22, 2019.

Assisted by third party company of computer forensics experts, Sunrise Community Health determined on November 5, 2019 that the infiltrated email accounts included the protected health information of certain patients. The range of data present in the email accounts varied from patient to patient and may have included names, dates of birth, Sunrise patient ID numbers, Sunrise provider names, dates of service, types of clinical examinations carried out, the results of those examinations, diagnoses, medication names, and identities of health insurance providers.

Sunrise Community Health does not believe the focus of the attack was to obtain patient information, but the possibility of unauthorized data access and data theft could not be eliminated. The hackers appeared to be targeting invoice and payroll information.

The investigation into the attack is ongoing but breach notification letters have now been sent to affected people. Sunrise Community Health is offering impacted patients free credit monitoring and identity theft restoration services.

1,486 Katherine Shaw Bethea Hospital Patients Affected by Phishing Attack

Katherine Shaw Bethea Hospital in Dixon, IL has learned that an unauthorized person has obtained access to the email account of an employee and potentially obtained a spreadsheet including the protected health information of 1,486 patients.

The spreadsheet included names, dates of birth, phone numbers, health insurance provider names, diagnoses, and clinical data of patients under 18 years of age who had visited the emergency department between November 1, 2018 and May 1, 2019.

Katherine Shaw Bethea Hospital has put in place new measures to enhance email security and all staff members have been provided with further cybersecurity training to help them identify phishing campaigns.

NYC Health + Hospitals Alerts Patients to Illegal Disclosure Event

NYC Health + Hospitals is warning patients who received treatment after a motor vehicle accident that some of their protected health information may have been impermissibly shared to third parties by an employee.

NYC Health + Hospitals was made aware of the event on October 3, 2019 that one of its employees had disclosed patient information to third parties such as law companies between 2016 and November 2019.

NYC Health + Hospitals believes that all patients who were given treatment at its hospitals and clinics after following a motor vehicle accident may have been impacted. The investigation into the incident is current and appropriate disciplinary action is being taken against the employee involved.

Author: Maria Perez