DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Sunspire Health notifying patients after employee email accounts accessed in phishing attack

Posted on July 17, 2018 by Dissent

Joseph Goedert reports:

Sunspire Health, a nationwide network of addiction treatment facilities, is notifying an undisclosed number of individuals and offering them credit and identity monitoring services after several employee email accounts were accessed in a phishing attack.

While the size of the Sunspire attack is not yet publicly known, the incident soon will be posted on the HHS Office for Civil Rights data breach web site.

Between mid-April and mid-May, Sunspire learned that multiple employees fell victim to a phishing attack that compromised several email accounts.

Read more on HealthData Management.

Sunspire posted the following notice on its site yesterday:

Lyndhurst, New Jersey – July 16, 2018 – Sunspire Health (“Sunspire”) is taking action after discovering that it became the target of a phishing email campaign that compromised several employee email account credentials.

Although there is no indication to date of actual or attempted misuse of patient information, Sunspire is notifying individuals whose records were or may have been subject to unauthorized access and providing these individuals with information and resources to help protect them against the possibility of identity theft or fraud. The company is also informing the U.S. Department of Health and Human Services and appropriate state authorities about this incident. Sunspire continues to investigate the incident and has implemented supplemental technical and administrative protections and training protocols to prevent similar occurrences in the future.

To better assist individuals who may have been affected by this event, Sunspire has established a toll-free privacy line and has dedicated personnel on hand to provide information on how to protect against the possibility of identity theft and fraud. All questions and concerns regarding how individuals may best protect themselves from potential harm resulting from this incident, including how to receive a free copy of one’s credit report, and place a fraud alert or security freeze on one’s credit file, may be directed to this line by calling 888-899-8301 between 8:30 a.m. and 5:30 p.m. EST (excluding US holidays) for a period of 90 days.

What Happened

Between April 10, 2018 and May 17, 2018, Sunspire learned that its employees became the target of a phishing email campaign that compromised several email accounts. Upon learning of this incident, Sunspire took immediate steps to secure the email accounts and has launched an investigation to determine whether any sensitive information was accessed. With the help of third-party computer forensic investigators, Sunspire has determined that unknown individuals may have gained access to certain Sunspire employee email accounts between March 1, 2018 and May 4, 2018. As part of this ongoing investigation, Sunspire recently determined that the compromised email accounts may have contained some patient information, which may include client names, dates of birth, Social Security numbers, treatment and diagnosis information, health insurance information. To date, there is no evidence the information in the emails has been misused in any way. Sunspire is providing notice to impacted individuals and will provide credit and identity monitoring services to such individuals at no charge.

About Sunspire Health

Sunspire is a network of addiction treatment facilities across the United States offering addiction recovery services, including detoxification, residential and outpatient treatment programs in settings designed to promote long-term healing. For more information, visit the company’s web site at Sunspirehealth.com.

page1image23128

Media:
James Heins ICR 203-682-8251

or

Darcie Robinson ICR 203-682-8379

Category: Health DataPhishingU.S.

Post navigation

← Thousands of patient records held for ransom in Ontario home care data breach, attackers claim
Telefonica breach exposes personal data of ‘millions’ of customers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.
  • Websites selling hacking tools to cybercriminals seized
  • ConnectWise suspects cyberattack affecting some ScreenConnect customers was state-sponsored
  • Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database
  • Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
  • The CCPA emerges as a new legal battleground for web tracking litigation

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.