Oncology Center in New York Notifies Patients and Employees about Phishing Attack

The NYOH (New York Oncology Hematology) in Albany has mailed letters to their patients and employees informing them about the phishing attack and notifying them that there might be a possibility of some of the protected health information being accessed by the attackers as a result of the email phishing attack.

However, the forensic investigation that was carried out didn't find clear evidence about the patients' and employees' data being accessed by the attackers through employees' email accounts, but NYOH has decided to notify about the attack to all. As per The Record, the center is providing credit reporting services for a year to more than 128,400 patients as well as employees.

The center has also issued a notice describing the phishing incident on their website, which says: NYOH has determined that an unauthorized user might have gained access to many employee email accounts by targeted phishing emails series. The website notice also stated that "while NYOH and its partners are not aware of any actual access to or attempted misuse of patient or employee information related to this incident, we continue to take steps to protect our patients and employees' information".

The phishing emails that were sent are sophisticated in the way they appear as an email login page that looked legitimate. So, the NYOH personnel got convinced and entered their username as well as passwords. The attackers used these credentials to gain access to their email accounts. However, the attackers got access to these email accounts for a very short period of time as the access was terminated after a few hours.

A third party forensic firm was hired by NYOH to review the content of email accounts after the phishing attack, which occurred sometime between 20 April 2018 and 27 April 2018. After the thorough analysis which completed on 1 October 2018, it was revealed that a few affected email accounts have protected health information as well as the other personal information of employees or patients.

Ira Zackon, President and MD of NYOH, said in a news release that, "we are deeply sorry for the concern and inconvenience this phishing attack may cause, but NYOH remains committed to protecting the security and confidentiality of our patients' and employees' information". Ira Zackon further added that "we have no indication that personal data was accessed or misused. However, we are taking precautionary steps to ensure the safety and peace of mind for those impacted".

» SPAMfighter News - 11/28/2018