Patients notified about Data Breaches at Columbus Community Hospital

Columbus Community Hospital of Columbus city, Wisconsin, started notifying patients on May 24, 2019, that phishing attack on their vendor might have exposed the data of patients, as per Channel3000.

OS Inc., a company providing claims management services to the hospital, came to know about a data breach on Apr. 8, 2019. On that day itself, the Columbus Community Hospital was notified by OS Inc. that one unauthorized individual was successful in gaining access to an employee email account of OS Inc. through a phishing attack. That hacker might have viewed the patient information when he/she had access of the compromised email account.

The information in that compromised employee email account includes names, categories of service, hospital account numbers, summaries of charges, and insurer names. Some of the patients might also have their insurance identification number and/or Social Security number got exposed.

Although the investigators have not found any evidence which suggest that the unauthorized individual accessed, altered, or downloaded the PHI, they still cannot rule out that possibility.

John Russell, CEO of Columbus Community Hospital, said in a statement that: "the hospital takes the privacy and security of its patient information very seriously, and ensures that its business associates do as well. We will continue to ensure that OS does all that it can do to work with our patients whose personal information may have been compromised and help them work through the process".

Centennial, Colorado-based Centura Health started notifying 7,515 patients that their information might have been exposed as a result of a phishing attack.

Centura Health has discovered this breach on Apr. 16, 2019, and quickly secured that affected email account. The forensic investigation has confirmed that the email account was accessed by one unauthorized individual who might have viewed or obtained the patient information containing emails as well as email attachments. Any evidence was not found that will suggest PHI was accessed, misused, or stolen, but still the patients were notified as a precautionary measure. On May 22 of this year, letters were started to be sent.

The patients affected by this breach had a few or all of following information got exposed: name, demographic information, date of birth, dates of service, services received, medical record number, treating physician, medical device supplied, account number, as well as other clinical information. No Social Security numbers, health insurance information, or financial data were exposed.

» SPAMfighter News - 6/15/2019