Verity Health System’s St. Vincent Medical Center reported Phishing Attack

Verity Health System's St. Vincent Medical Center is based in California. The Medical Center has discovered that one web email account got compromised because of responding to phishing email.

The breach happened on March 15, 2019, and involved email account of the hospital pathologist. Officials said the email account compromise got detected after 11 days on Mar. 26, 2019, and soon after the email account has been secured within few hours.

Phishing emails were sent by the unauthorized individual to both external and internal email addresses from the compromised account till the time he/she had access to it. Those messages contained both malicious attachments as well as hyperlinks, as per the officials. As per the substitute breach notice that was provided to California Attorney General, any other employee accounts have not been breached due to the misuse of email account.

The attacker's intention in this phishing attack appears to be able to obtain the login credentials of the other email accounts; however during the time when the email account has been accessible to the attacker, complete access to the emails, email attachments, as well as folders was possible. The breach investigation cannot confirm whether any type of patient information in the emails or email attachments was copied or accessed by the attacker.

Review of the compromised emails confirmed that they contained the Protected Health Information (PHI) of some patients including names, phone numbers, addresses, Social Security numbers, dates of birth, medical record numbers, medical conditions, dates of service, treatments provided, health plan names, and lab test results.

After discovery of this breach, the unauthorized access of the email account was terminated promptly and all the phishing emails sent from this email account have been removed from email system. The employees who have opened malicious emails had their email accounts secured as well as disabled.

Verity Health System now has experienced many phishing attacks in last few months. This phishing attack follows 2 separate attacks of Nov. 2018, and another January 2019 attack.

Verity Health System now has added additional email security features in order to block the phishing emails and implement the multi-factor authentication.

As per the breach portal of HHS' Office for Civil Rights, 662 patients have been affected by this breach in St. Vincent Medical Center.

» SPAMfighter News - 6/1/2019