Phishing Attack on Navicent Health impacted about 1,400 Patients

Two months after Macon, Georgia-based Navicent Health discovered that one of their employees opened a phishing email that allowed the hackers to access the sensitive information, the hospital is notifying about 1,400 patients that a few of their PHI (Protected Health Information) got exposed due to a phishing attack.

On Jun. 24, 2019, Navicent Health has discovered that an unauthorized third-party was successful in gaining access to email account of one employee. The employee email account has been compromised, as that employee has responded to a phishing email likely in between Jun. 22-24, as per a news release of the hospital.

The employee email account that was affected contain following information that was possibly compromised: patient names, telephone numbers, addresses, bank account information, medical information, Social Security numbers, as well as other personal information.

The hospital is still not aware about any identity theft or fraud to any individual due to the phishing attack, as per the news release. Moreover, no access to electronic medical record systems of Navicent Health was gained.

In a statement, the hospital said that "privacy and security are a top priority for Navicent Health. Upon discovery of the phishing email, Navicent Health immediately took action to stop the unauthorized access to the account, changed the password and enhanced its security controls".

Besides the internal investigation, Navicent Health also notified FBI regarding this matter and has started talks with one national forensics firm.

Navicent Health is further sending information about how to protect from identity theft or fraud to those, who were possibly impacted. It is also providing complementary identity theft protection services to those, whose financial information or social security numbers may have been compromised.

"We encourage potentially affected individuals to remain vigilant in monitoring account statements, bills, notices and insurance transactions for incidents of unauthorized activity and to promptly report such incidents," said the hospital in one news release.

Earlier this year (i.e. in March), Navicent Health reported about a phishing attack that resulted in exposure of more than 278,000 patients' PHI. This breach happened in Jul. 2018, however on Jan. 2019, it became clear that Protected Health Information was compromised in this incident.

» SPAMfighter News - 9/13/2019