DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Sunspire Health notifying patients after employee email accounts accessed in phishing attack

Posted on July 17, 2018 by Dissent

Joseph Goedert reports:

Sunspire Health, a nationwide network of addiction treatment facilities, is notifying an undisclosed number of individuals and offering them credit and identity monitoring services after several employee email accounts were accessed in a phishing attack.

While the size of the Sunspire attack is not yet publicly known, the incident soon will be posted on the HHS Office for Civil Rights data breach web site.

Between mid-April and mid-May, Sunspire learned that multiple employees fell victim to a phishing attack that compromised several email accounts.

Read more on HealthData Management.

Sunspire posted the following notice on its site yesterday:

Lyndhurst, New Jersey – July 16, 2018 – Sunspire Health (“Sunspire”) is taking action after discovering that it became the target of a phishing email campaign that compromised several employee email account credentials.

Although there is no indication to date of actual or attempted misuse of patient information, Sunspire is notifying individuals whose records were or may have been subject to unauthorized access and providing these individuals with information and resources to help protect them against the possibility of identity theft or fraud. The company is also informing the U.S. Department of Health and Human Services and appropriate state authorities about this incident. Sunspire continues to investigate the incident and has implemented supplemental technical and administrative protections and training protocols to prevent similar occurrences in the future.

To better assist individuals who may have been affected by this event, Sunspire has established a toll-free privacy line and has dedicated personnel on hand to provide information on how to protect against the possibility of identity theft and fraud. All questions and concerns regarding how individuals may best protect themselves from potential harm resulting from this incident, including how to receive a free copy of one’s credit report, and place a fraud alert or security freeze on one’s credit file, may be directed to this line by calling 888-899-8301 between 8:30 a.m. and 5:30 p.m. EST (excluding US holidays) for a period of 90 days.

What Happened

Between April 10, 2018 and May 17, 2018, Sunspire learned that its employees became the target of a phishing email campaign that compromised several email accounts. Upon learning of this incident, Sunspire took immediate steps to secure the email accounts and has launched an investigation to determine whether any sensitive information was accessed. With the help of third-party computer forensic investigators, Sunspire has determined that unknown individuals may have gained access to certain Sunspire employee email accounts between March 1, 2018 and May 4, 2018. As part of this ongoing investigation, Sunspire recently determined that the compromised email accounts may have contained some patient information, which may include client names, dates of birth, Social Security numbers, treatment and diagnosis information, health insurance information. To date, there is no evidence the information in the emails has been misused in any way. Sunspire is providing notice to impacted individuals and will provide credit and identity monitoring services to such individuals at no charge.

About Sunspire Health

Sunspire is a network of addiction treatment facilities across the United States offering addiction recovery services, including detoxification, residential and outpatient treatment programs in settings designed to promote long-term healing. For more information, visit the company’s web site at Sunspirehealth.com.

page1image23128

Media:
James Heins ICR 203-682-8251

or

Darcie Robinson ICR 203-682-8379

Category: Health DataPhishingU.S.

Post navigation

← Thousands of patient records held for ransom in Ontario home care data breach, attackers claim
Telefonica breach exposes personal data of ‘millions’ of customers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked
  • UK: Legal Aid Agency hit by cyber security incident
  • Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
  • PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
  • Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines
  • Call for Public Input: Essential Cybersecurity Protections for K-12 Schools (2025-26 SY)
  • Cyberattack puts healthcare on hold for hundreds in St. Louis metro
  • Europol: DDoS-for-hire empire brought down: Poland arrests 4 administrators, US seizes 9 domains

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Apple Siri Eavesdropping Payout Deadline Confirmed—How To Make A Claim
  • Privacy matters to Canadians – Privacy Commissioner of Canada marks Privacy Awareness Week with release of latest survey results
  • Missouri Clinic Must Give State AG Minor Trans Care Information
  • Georgia hospital defeats data-tracking lawsuit
  • No Postal Service Data Sharing to Deport Immigrants
  • DOGE aims to pool federal data, putting personal information at risk
  • Privacy concerns swirl around HHS plan to build Medicare, Medicaid database on autism

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.