Phishing attack on Artesia General Hospital impacted 13,905 patients

The Artesia General Hospital based in Artesia, New Mexico, has discovered that the PHI (Protected Health Information) of 13,905 patients was compromised as a result of a phishing attack. Artesia is one of the cities in Eddy County of New Mexico in United States.

The breach was first detected by the officials when an email account of one of their employees was found to have been used for sending the unauthorized emails. On Jun. 18, 2019, the breach was first discovered.

After discovering the breach, the compromised email account was secured and a topmost computer forensics firm was engaged for investigating about this breach. The forensic analysis has revealed that the phishing attack lasted for one week, and the compromised email account was accessed by the unauthorized individual in between Jun. 11, 2019, and Jun. 18, 2019.

However, the officials said that they were not able to verify whether any emails or attachments have been viewed by hacker. The hospital is also not aware whether the hacker has downloaded or viewed any patient information stored in the compromised email account. To date, Artesia General Hospital has said that there was no evidence that the patient data was misused.

The compromised email account contained the patient information, like names, health insurance information, dates of birth, patient account numbers, medical record numbers, and some clinical and/or treatment information, such as provider names, dates of service, and diagnoses. A small number of affected patients might also have their Social Security numbers got exposed and potentially compromised.

Patients, who are having their Social Security number got exposed and potentially compromised, were offered complimentary identity theft protection and credit monitoring services. 13,905 patients were notified by the Artesia General Hospital about this recent security incident.

After this incident, Artesia General Hospital has reinforced the security awareness training as well as additional measures were also implemented for improving the email security. In a statement, the hospital has said that "to help prevent something like this from happening in the future, we have reinforced education with our staff regarding how to identify and avoid suspicious emails and are making additional security enhancement".

» SPAMfighter News - 9/17/2019