Samantha Schoenfeld reports:
Middlesex Hospital in Middletown says that it suffered a data breach in October.
The hospital says that on October 9, it was discovered that four of the hospital’s employees had been victims of an email phishing scam, which allowed a breach into the hospital’s records.
In all, information for 946 patients may have been compromised. No social security numbers or credit card information was accessed, but the breach did unveil a security weakness that may have released names, addresses, dates of birth, medical record numbers, medications patients take, dates of service and diagnoses.
Read more on Fox61.
Middlesex Hospital’s statement, on their web site (but not easy to find), says:
E-Mail Phishing Scam Results in Data Breach
Posted: Dec 8, 2015 10:40 AM ESTMiddlesex Hospital considers patient confidentiality a top priority and does everything it can to protect patient information. Unfortunately, on October 9, 2015, the Hospital discovered that four of its employees fell victim to an e-mail phishing scam that potentially resulted in a breach of personal and medical information, for a total of 946 patients, that may have contained name, address, date of birth, medical record number, medication, date of service, and/or diagnosis. Fortunately, the information compromised did not include direct access to full medical records or any Social Security numbers.
The information compromised did not include direct access to full medical records or any Social Security numbers. All patients involved in the breach have been notified and are being offered free credit monitoring for one year, as a precaution. The Hospital is taking all necessary steps to help prevent a similar occurrence in the future.