Phishing Attack in Texas Exposes PHI of 39K Patients

May 1, 2015
The Austin, Tx.-based Seton Family of Hospitals, part of Ascension health system, has acknowledged a phishing attack on its organization, resulting in the potential exposure of some personal health information for approximately 39,000 patients.

The Austin, Tx.-based Seton Family of Hospitals, part of Ascension health system, has acknowledged a phishing attack on its organization, resulting in the potential exposure of some personal health information for approximately 39,000 patients.

Seton said that it experienced an email phishing attack on December 4, 2014, which targeted the user names and passwords of Seton employees. After launching an investigation, which included computer forensics experts for assistance, it was determined in February of 2015 that the employee e-mail accounts subject to the phishing attempt contained some personal health information for approximately 39,000 patients.

The personal health information in the email accounts included demographic information (i.e., name, address, gender, date of birth, etc.), medical record numbers, insurance information, limited clinical information and, in some cases, Social Security numbers. The hackers did not gain access to individual medical records or billing records, Seton officials said.

Seton said that it is taking steps to mitigate this incident by notifying affected individuals via letter, posting a substitute notice and providing notice to prominent media outlets in the area. Identity monitoring and protection services are being offered free of charge for those whose Social Security numbers have been affected by the incident. Additionally, Seton is working with its e-mail service provider to evaluate ways to enhance its security program.

The healthcare industry is certainly no stranger to phishing attacks. In a recent blog post for Healthcare Informatics, Mac McMillan, CEO of the Austin, Tx.-based CynergisTek and current chair of the HIMSS Privacy & Security Policy Task Force, said, “many of the more serious hacks or malware attacks were preceded by a phishing effort first. We saw random phishing attacks, directed spear phishing and combinations. These attacks are often successful because they prey on peoples emotions, desires, in some cases fantasies, but more often than not, it’s the expectation that recipients are tired, busy or in a hurry and not paying attention.” 

Sponsored Recommendations

How AI-Native Locating Intelligence Revolutionizes the RTLS market

Discover how leveraging an RTLS solution with artificial intelligence as the location engine can increase efficiency, improve safety, and elevate care without the compromises ...

Harnessing the True Power of Cultural, Clinical and Operational Data

Optimize healthcare performance by combining clinical, operational, and cultural insights. A deeper understanding of team factors improves care and resource management.

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...