DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Franciscan Health System notifies more than 12,000 patients after employees fall for phishing scheme (updated)

Posted on April 1, 2014 by Dissent

John Gillie reports:

Tacoma’s Franciscan Health System is notifying some 8,300 patients that their personal information — including in some cases medical records and Social Security numbers — may have been shared with computer scammers who accessed staff email accounts.

Franciscan estimates more than 12,000 patients nationwide had files potentially breached.

Franciscan’s total of 8,300 patients potentially affected in the South Sound was the largest in the Catholic Health Initiatives network. CHI is the parent company of Franciscan.

The employees, most of them employed by Franciscan Medical Group, responded to late January phishing emails that appeared to be coming from CHI. Those messages, composed by computer hackers, not by CHI, asked Franciscan employees to go to another site where they were to enter their email user names and passwords.

Read more on the News Tribune.

The Franciscan Health System posted this notice on their website March 28:

Franciscan Medical Group (FMG) is committed to protecting the security and confidentiality of our patients’ personal information. Regrettably, this notice is about an incident involving some of that information.

On January 27, 2014, we learned that “phishing” emails were sent to a small group of FMG employees who responded to the emails thinking they were legitimate requests from our parent company Catholic Health Initiatives. When we learned of this, we immediately secured the affected email accounts and began an investigation, including hiring an outside expert forensics firm. We undertook a comprehensive review of the affected employees’ e-mail accounts and confirmed that the emails contained patient information and may have included patient demographic information (for example, name, address, date of birth, telephone number), clinical information (for example, treating physician and/or department, diagnosis, treatment received, medical record number, medical service code, health insurance information), and in a small number of instances Social Security numbers.

We have no evidence that the information in the emails has been used in any way, however, as a precaution, we began sending letters to affected patients on March 28, 2014 and have established a dedicated call center to answer any questions our patients have. If you believe you are affected but do not receive a letter by April 16, 2014, please call 1-877-283-6556, Monday through Friday between 6:00 a.m. and 6:00 p.m. Pacific Time.

We regret any inconvenience this may have caused our patients. To help prevent something like this from happening in the future, we have re-enforced education with our staff regarding “phishing” emails and are reviewing enhancements for strengthening user login authentication.

This is not the first time the health system or its employees have been caught up in a breach. In January 2011, this blog reported that Franciscan Medical Group in Washington reported that 1,250 patients had PHI on a computer stolen on or about November 18.

Update: The 12,000 number includes 3,500 patients of KentuckyOne, who have also posted a statement on their website:

KentuckyOne Health is committed to protecting the security and confidentiality of our patients’ personal information. Regrettably, this notice is about an incident involving some of that information.

On January 27, 2014, we learned that “phishing” emails were sent to a small group of KentuckyOne Health employees who responded to the emails thinking they were legitimate requests. When we learned of this, we immediately secured the affected email accounts and began an investigation, including hiring an outside forensics expert firm. We undertook a comprehensive review of the affected employees’ e-mail accounts, which concluded on March 24, 2014. This investigation confirmed that the emails contained patient information from Jewish Hospital, Frazier Rehab Institute, Saint Joseph Berea and Flaget Memorial Hospital, and may have included patient demographic information (for example, name, address, date of birth, telephone number) and clinical information (for example, treating physician and/or department, diagnosis, treatment received, medical record number, medical service code, health insurance information).

We have no evidence that the information in the emails has been used in any way, however, as a precaution, we began sending letters to affected patients on March 28, 2014 and have established a dedicated call center to answer any questions our patients have. If you believe you are affected but do not receive a letter by April 16, 2014, please call 1-877-283-6556, Monday through Friday between 9:00 a.m. and 96:00 p.m. Eastern Time.

We regret any inconvenience this may have caused our patients. To help prevent something like this from happening in the future, we have re-enforced education with our staff regarding “phishing” emails and are reviewing enhancements for strengthening user login authentication.

idRADAR.com has some additional quotes from spokespeople about the breach.

Category: Health Data

Post navigation

← China Embassy in Moscow hacked. Russian deployed equipment to spy on Intertelecom Ukraine. 100k customers IMEI, and l/p leaked.
Russian RUSAL Deployed Equipment to Spy on Intertelecom Ukraine →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide
  • Russian national and leader of Qakbot malware conspiracy indicted in long-running global ransomware scheme
  • Texas Doctor Who Falsely Diagnosed Patients as Part of Insurance Fraud Scheme Sentenced to 10 Years’ Imprisonment
  • VanHelsing ransomware builder leaked on hacking forum
  • Hack of Opexus Was at Root of Massive Federal Data Breach
  • ‘Deep concern’ for domestic abuse survivors as cybercriminals expected to publish confidential abuse survivors’ addresses
  • Western intelligence agencies unite to expose Russian hacking campaign against logistics and tech firms
  • Disrupting Lumma Stealer: Microsoft leads global action against favored cybercrime tool
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • Privilege Under Fire: Protecting Forensic Reports in the Wake of a Data Breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras
  • Cocospy stalkerware apps go offline after data breach
  • Drugmaker Regeneron to acquire 23andMe out of bankruptcy

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.