Cancer Treatment Centers of America notifying around 3,300 patients about data breach

Certain patients are getting notified by Cancer Treatment Centers of America (or CTCA) that some of their PHI (Protected Health Information) was exposed due to a phishing-related email security breach, which happened on Jul. 2019 at CTCA's Southeastern Regional Medical Center.

This attack was discovered on Jul. 29, 2019, after suspicious activity has been detected in email account of one staff member of CTCA. Upon investigation, the CTCA determined that one of their employees became victim of a phishing attack, as a result of which a hacker has gained access to that employee's account in between July 22, 2019, & July 30, 2019.

Once the breach was detected, the compromised email account has been secured in order to stop further unauthorized access. Even though the investigation didn't find any evidence that will suggest patient information in the emails as well as email attachments were copied or accessed by the attacker, the possibility cannot be ruled out.

The information that was possibly accessed included the names, dates of birth, addresses, phone numbers, health insurance information, medical record numbers, medical information, as well as other patient identifiers.

Financial information or Social Security numbers have not been exposed in this breach, so identity theft protection and credit monitoring services are not provided. Still the affected patients were advised to monitor explanation of the benefits statements, and then report the suspected fraudulent activity to insurers.

"We take our responsibility to safeguard personal information seriously and remain committed to protecting patient privacy and security. We are implementing security enhancements and continuing to educate our workforce about how to identify suspicious emails to help ensure this does not happen in the future," a statement from CTCA said.

The breach report that was submitted to HHS' Office for Civil Rights shows that 3,290 patients were affected by this latest breach.

Since late Nov. 2018, five breaches were reported to the OCR by the CTCA. The first breach was reported on Nov. 6, 2018, that affects 41,948 patients of Arizona's Western Regional Medical Center. 16,819 patients of the Southeastern Regional Medical Center have been affected by the phishing attack that was reported to the OCR on May 10 of this year. Another 3,904 patients of both Pennsylvania's Eastern Regional Medical Center as well as Southeastern Regional Medical Center have been affected by the phishing attacks that were reported to the OCR recently.

» SPAMfighter News - 10/28/2019