Phishing Attack in Texas Exposes PHI of 39K Patients

May 1, 2015
The Austin, Tx.-based Seton Family of Hospitals, part of Ascension health system, has acknowledged a phishing attack on its organization, resulting in the potential exposure of some personal health information for approximately 39,000 patients.

The Austin, Tx.-based Seton Family of Hospitals, part of Ascension health system, has acknowledged a phishing attack on its organization, resulting in the potential exposure of some personal health information for approximately 39,000 patients.

Seton said that it experienced an email phishing attack on December 4, 2014, which targeted the user names and passwords of Seton employees. After launching an investigation, which included computer forensics experts for assistance, it was determined in February of 2015 that the employee e-mail accounts subject to the phishing attempt contained some personal health information for approximately 39,000 patients.

The personal health information in the email accounts included demographic information (i.e., name, address, gender, date of birth, etc.), medical record numbers, insurance information, limited clinical information and, in some cases, Social Security numbers. The hackers did not gain access to individual medical records or billing records, Seton officials said.

Seton said that it is taking steps to mitigate this incident by notifying affected individuals via letter, posting a substitute notice and providing notice to prominent media outlets in the area. Identity monitoring and protection services are being offered free of charge for those whose Social Security numbers have been affected by the incident. Additionally, Seton is working with its e-mail service provider to evaluate ways to enhance its security program.

The healthcare industry is certainly no stranger to phishing attacks. In a recent blog post for Healthcare Informatics, Mac McMillan, CEO of the Austin, Tx.-based CynergisTek and current chair of the HIMSS Privacy & Security Policy Task Force, said, “many of the more serious hacks or malware attacks were preceded by a phishing effort first. We saw random phishing attacks, directed spear phishing and combinations. These attacks are often successful because they prey on peoples emotions, desires, in some cases fantasies, but more often than not, it’s the expectation that recipients are tired, busy or in a hurry and not paying attention.” 

Sponsored Recommendations

The Future of Storage: The Complexities and Implications in Healthcare

Join us on January 23rd to explore the future of data storage in healthcare and learn how strategic IT decisions today can shape agility and competitiveness for tomorrow.

IT Healthcare Report: Technology Insights for a Transformative Future

Explore the latest healthcare IT trends, challenges, and opportunities in AI, patient care, and security. Gain actionable insights to navigate the industry's transformation.

How to Build Trust in AI: The Data Leaders’ Playbook

This eBook strives to provide data leaders like you with a comprehensive understanding of the urgent need to deliver high-quality data to your business. It also reviews key strategies...

Quantifying the Value of a 360-Degree view of Healthcare Consumers

To create consistency in how consumers are viewed and treated no matter where they transact, healthcare organizations must have a 360° view based on a trusted consumer profile...