Memorial Hospital at Gulfport in Mississippi is notifying patients that protected health information may have been compromised by a phishing attack.
The facility reported that access to the information was achieved by an attack on an employee’s email account on December 6, 2018.
A phishing attack occurs when a hacker sends an email that appears to be from a legitimate and known person, such as a co-worker, family member or friend. The email actually contains malware, which is released when the individual clicks on the email link.
About 30,000 patients may have been initially affected by the Memorial Hospital attack, according to the Biloxi Sun Herald, and the hospital continues to investigate the hacking.
The organization did not learn of the attack until December 17, when a third party told hospital executives about the breach, it reported.
Data at risk included patient names, dates of birth, health insurance and information about care delivered at the hospital. A “limited” amount of Social Security numbers also was compromised.
“We have no indication that patient information has been misused in any way,” the organization told patients in the notification letter it mailed last week.
Also See: 10 strategies to reduce the threat of phishing attacks
The hospital is offering credit monitoring and identity protection services from an undisclosed firm to patients whose Social Security numbers had been compromised. Other affected individuals are being given information on how to protect their information.
“Memorial Hospital at Gulfport is continuing to investigate this incident and anticipates notifying additional patients in coming weeks,” the hospital’s letter stated. “We deeply regret any concern or inconvenience this may cause our patients. MHG takes the privacy and confidentiality of our patients’ information very seriously and is enhancing information security safeguards to help prevent an issue such as this from occurring in the future.”