Phishing Attacks Breach 20,000 Patient Records of Catawba Valley Medical Center

20,000 patients of Catawba Valley Medical Center (CVMC) based in North Carolina has been notified regarding breach of their personal data after 3 successful phishing attacks.

Officials of CVMC in Hickory, North Carolina, discovered that an unauthorized individual has accessed email account of a Catawba Valley Medical Center employee on 13 August, 2018. As soon as the email breach was discovered, steps have been taken for securing the account to prevent further access. Moreover, a 3rd party computer forensic firm got called for assisting in the investigation and then for determining the extent of breach.

It was revealed while doing investigation, in the month of August, of one phishing attack that not one but more accounts were hacked for over a month between 4 July, 2018, and 17 August, 2018. The officials of medical center discovered that a hacker has accessed email account of three CVMC employees' for over a month, after those employees has responded to the phishing emails.

As per the officials, the investigation found that those email accounts contain protected health information of patients that includes patient names, medical services details received at CVMC, health insurance information, and date of birth. Social Security numbers of a few patients was also included. However, no information was received that suggest health information of patients was misused by any means.

Catawba Valley Medical Center began notifying all the patients, whose personal health information may was compromised due to email account breaches on 12 October, 2018. Moreover, one dedicated call center was further created by the medical center for handling the patient questions regarding the breach. Additionally, the officials are recommending the patients to review all statements they received from the insurance carrier to ensure that they are not billed for any kind of services they did not receive.

As per the officials, these phishing instances have prompted the Catawba Valley Medical Center to hire the security experts for improving employee education while strengthening the email controls along with upgrading its hardware and software controls.

Thus, now Catawba Valley Medical Center has also joined unfortunate trend of breaches that was caused by the undetected phishing attacks.

» SPAMfighter News - 11/1/2018