Indiana Health Center Phishing Attack Impacts Twelve Thousand Patients
Data Privacy and Security Perspective
Communication should be provided to all staff members regarding phishing emails. Examples should be provided to demonstrate potentially harmful email addresses, URLs, and types of attacks
A network of seven healthcare centers in Indiana experienced a phishing attack that resulted in an employee’s email account being accessed by an unauthorized individual. The attacker impersonated a healthcare organization that had previously worked with one of the facilities. The supposed sender of the email was known to staff, and the email appeared to be genuine. On November 27, 2018, suspicious activity was detected relating to the employee’s email account. The account was immediately secured and an investigation was launched to determine the cause of the activity. A computer forensics company determined that the account had been accessed by an unauthorized individual between October 26 and November 27, 2018. Notification letters were then sent to the approximately 12,000 patients whose information might have been compromised.