The Medical Center became aware in April 2018 of a potential data breach where an employee’s email account was compromised as the result of a phishing attack by an unknown, unauthorized third party. This may have resulted in the exposure of 13,443 patients’ personal information as the employee’s email account included information such as patients’ names, addresses and phone numbers, and in certain instances, limited treatment information. Social Security numbers and financial or billing information were not involved in this incident because presumably this information wasn't contained in the employee's email account.
The company disclosed that there was no evidence that patient information was actually accessed / viewed or any indication that anyone’s information was actually misused. Security commentators remarked that since credentials were inadvertently shared it isn't possible to say whether or not personal information was breached.
Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:
We've done the analysis so you can make the decisions