Data Breach at the Conway Regional Medical Center exposes patient information

Conway Regional Medical Center, at Conway city of Arkansas state in U.S., has discovered that patient information was compromised in a phishing attack recently. An intruder was successful in gaining access to the patient information in the medical center after email phishing attack, as per a letter that was sent to the patients.

Conway Regional Health System said in a statement that "Conway Regional is committed to protecting our information systems and continues to take steps to guard against cybersecurity threats. We care greatly about our patients and sent letters to those affected as soon as possible to make them aware of a potential risk to their information".

Patients who might have been affected are notified last month (i.e. in August 2019). In a letter that was dated Aug. 23, 2019, the medical center says that the breach has been first discovered in the month of June when suspicious activity surrounding the employee email accounts has been detected.

Once discovered, an investigation was immediately started in order to determine what has happened and what kind of information was in risk. The investigation has confirmed that the email accounts of several employees were subjected to unauthorized access because the employees have responded to the phishing emails.

As per officials, the hackers could have possibly viewed or accessed the documents in those compromised email accounts. Patient names, health insurance information, Social Security numbers, addresses and some medical information might have been viewed or accessed as part of data breach, said the Conway Regional Health System in a statement on Sep. 4, 2019.

The medical center said that it has not found any kind of evidence to suggest the patient information has been misused or stolen.

Conway Regional Health System said in a statement that "we take the security of the information in our possession seriously and we regret any concern that this incident causes and remain committed to protecting patient information".

The medical center also said that it is reviewing their security policies as well as procedures, as those will be updated for reducing the risk of more data breaches.

Breach report that was submitted to Department of Health and Human Services' Office for Civil Rights said that 37,000 patients have been affected by this incident.

» SPAMfighter News - 9/18/2019