Community-based healthcare system Methodist Hospitals from Gary, Indiana, disclosed that sensitive personal and medical information for 68,039 individuals may have been exposed following a successful phishing attack against two of its employees.
Methodist provides surgical and medical hospital services, it employs 2,576 individuals, and it reported a total number of 195,055 patient encounters during 2018 according to last year's annual report.
"In June 2019, Methodist learned of unusual activity in an employee’s email account. We immediately commenced an investigation, working with third-party forensic investigators, to assess the nature and scope of the email account activity," says the notice of data incident.
"On August 7, 2019, the forensic investigation determined that two (2) Methodist employees fell victim to an email phishing scheme that allowed an unauthorized actor to gain access to their email accounts."
SSNs and payment card data potentially exposed
The following investigation led to the discovery that the first employee's account was accessed on June 12 and from July 1 to July 8, 2019, while the data included within the second one was exposed between March 13 to June 12, 2019.
"While Methodist has no evidence of actual or attempted misuse of any information present in the email accounts, the investigation could not rule out the possibility of access to data present in the accounts," adds the healthcare system.
Methodist also discovered as part of the same investigation that, while the personal and medical information exposed for each individual varies, the two email accounts included the following patient info:
Name, address, health insurance subscriber, group, and/or plan number, group identification number, Social Security number, driver's license/state i ..
Support the originator by clicking the read the rest link below.
