Franciscan Health System Warns Patients about Security Breach

Bizjournals.com published a news report on March 31, 2014 stating that Tacoma-based (Washington, United States) Franciscan Health System is informing its 8,300 patients that their personal information has been hijacked after some workers of it were tricked by phishing emails.

The innocent employees responded to malicious emails by entering their login information into a third-party site. The emails purported to be from Catholic health Initiatives (CHI) which is the parent group of Franciscan but the emails were actually distributed by hackers.

The health system learned about the breach on January 27, 2014 but it has taken many months to identify and notify patients impacted as many personal details were released in uneven manner which became difficult to connect with each patient.

Once the issue was discovered, Franciscan secured the affected email accounts for investigation.

Health system hired an independent forensic firm to determine the extent of the data breach and to identify the infiltrators. The medical system also called FBI and the Secret Service in for the investigation.

Investigators found that some emails contained personal information like names, address, birthdates and phone numbers of patients. Some patients might have given their medical treatment information and some their SSNs (Social Security Numbers) to the hackers.

Thenewstribune.com published news on 31st March, 2014 quoting Scott Thompson, Spokesman of Franciscan, as stating that phishing expedition was a nationwide effort targeting employees of CHI health system. Less than twenty (20) workers of Franciscan replied to those emails and entered their usernames and passwords.

The health system which comprises of a large network of medical centers, clinics, hospitals and specialty centers said that it froze affected email accounts following the unfortunate incident.

Thenewstribune.com published news on 31st March, 2014 quoting Donn Moyer, Spokesman of State Department of Health, as saying that the department is thinking of opening a complaint-file based on the breach.

Moreover, the above incident happened almost at the same time of another security breach which struck a US-based hospital in mid-March 2014. Valley View Hospital (Colorado, US) publically announced that a virus had hijacked personal non-medical information of approximately 5,400 patients of its following which a forensic investigation was launched.

» SPAMfighter News - 4/7/2014