It feels like I’m seeing more phishing reports that hacking reports this past week.
Ken Stone reports:
Some patient information was unlawfully accessed as a result of a “phishing” attack that targeted the email accounts of several City of Hope staffers, the Duarte cancer research and treatment facility reported Friday.
The data breach, which took place the week of Jan. 18, “resulted in unauthorized access to four staff members email accounts, officials said.
After securing the email accounts and notifying law enforcement and other appropriate agencies, City of Hope, with the assistance of a forensic information technology firm, launched an investigation that revealed three of the affected accounts contained protected patient information such as names, medical record numbers, dates of birth, postal and email addresses, phone numbers and some clinical information such as diagnoses and dates of service, the facility reported.
Read more on MyNewsLA.com
City of Hope’s press release follows:
City of Hope said today that during the week of Jan. 18, 2016 it was the target of a “phishing” email attack that resulted in unauthorized access to the email accounts of four staff members. A phishing email is an attempt to acquire personal information such as computer account usernames and passwords by sending an email that looks like it is coming from a trustworthy source.
City of Hope took prompt action to secure the email accounts and end the intrusion. In addition to notifying local law enforcement, City of Hope retained a leading forensic information technology firm to assist with its investigation of the incident, to evaluate its systems and processes and further strengthen its safeguards to protect against such attacks.
As part of City of Hope’s investigation of this incident and with the assistance of the forensic information technology firm, on Feb. 18, 2016, it was determined that three of the affected email accounts included a number of emails that contained one or more elements of protected health information, such as patient names, medical record numbers, dates of birth, addresses, email addresses, telephone numbers and some clinical information such as diagnoses, test results and dates of service, which may have been viewed. For the majority of patients, the information contained within the three breached email accounts contained only patient name and medical record number. With the exception of information relating to one patient, the information in the email accounts did not contain any Social Security numbers or financial information. It does not appear that the phishing attack targeted protected health information; instead, it appears the accounts were accessed for the purposes of sending spam emails to other individuals. City of Hope is sending notification letters to the affected patients, and is taking all appropriate steps to mitigate any potential harm to affected individuals.
City of Hope has also notified the Department of Health and Human Services, Office for Civil Rights and state agencies as required by law.
City of Hope takes great care to protect patient privacy and regrets any concerns or inconvenience this incident may have caused affected individuals. City of Hope has set up a toll-free hotline, 866-775-4209, to answer any questions.
About City of Hope
City of Hope is an independent research and treatment center for cancer, diabetes and other life-threatening diseases. Designated as a comprehensive cancer center, the highest recognition bestowed by the National Cancer Institute, City of Hope is also a founding member of the National Comprehensive Cancer Network, with research and treatment protocols that advance care throughout the nation. City of Hope’s main hospital is located in Duarte, California, just northeast of Los Angeles, with clinics throughout Southern California. It is ranked as one of “America’s Best Hospitals” in cancer by U.S. News & World Report. Founded in 1913, City of Hope is a pioneer in the fields of bone marrow transplantation and genetics. For more information, visit www.cityofhope.org or follow City of Hope on facebook, twitter, youtube or flickr.