DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

TX: MedSpring Urgent Care notifies 13,000 patients after phishing attack

Posted on August 9, 2018 by Dissent

As Protenus’s Q-2 report for health data breaches in the U.S. indicates, phishing continues to account for a significant percentage of reported breaches.  Here’s another phishing incident recently disclosed to HHS that will be in Protenus’s Q-3 report as affecting 13,034 patients:

July 20, 2018

At MedSpring Urgent Care (MedSpring), we take the privacy and security of our patients’ information seriously. We are providing the following information in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and applicable state law to explain that a third party may have had unauthorized access to personal information about certain patients who were treated at our facilities located in Illinois.

On May 8, 2018, an employee was the victim of an email phishing scam that we learned on May 17, 2018 may have resulted in unauthorized access to the employee’s email account. Email “phishing” scams involve an attempt by an unauthorized individual to obtain sensitive information, such as usernames and passwords, by disguising as a trustworthy entity.  Promptly after discovering the attack, MedSpring blocked the unauthorized party’s access to the email account and hired a leading cybersecurity forensics firm specializing in the investigation and resolution of cyberattacks to investigate the attack and determine what information may have been accessed by the unauthorized party.

On May 22, 2018, MedSpring discovered that the unauthorized party may have been able to access individuals’ personal information contained in the compromised email account and launched a thorough review of those emails. As a result of that review, we recently learned that information in that compromised email account may have included certain patients’ names, account numbers, medical record numbers, and dates and services relating to the provision of medical services.

At this time, we are not aware of any unauthorized viewing or misuse of our patients’ information. We are sending notification letters to all potentially affected individuals for whom MedSpring has up-to-date contact information. If you were treated at one of our Illinois facilities and do not receive a letter from us, you may call (866) 751-1317 toll free to determine whether your information was identified as being involved.  We have arranged to provide 12 months of identity protection and fraud resolution services through Experian to all individuals whose information was contained in the compromised email account.

Any individuals who receive a notification letter from MedSpring or who might otherwise be concerned about identity theft are encouraged to regularly review statements from their accounts and to periodically obtain their credit report from one or more of the national credit reporting companies. Individuals may obtain a copy of their credit report once every 12 months by either visiting http://www.annualcreditreport.com, calling toll free at 1-877-322-8228, or completing an Annual Credit Report Request Form (found at https://www.consumer.ftc.gov/articles/0155-free-credit-reports) and mailing it to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. For questions about identity theft, credit monitoring, and how to keep information secure, patients can visit this website: http://www.consumer.ftc.gov/topics/identity-theft.

We take the protection of our patients’ information very seriously and have taken steps to prevent a similar incident from occurring in the future, including the implementation of additional technological security features designed to prevent future phishing scams.

Any individuals who receive a notification letter from MedSpring or who were treated at one of our Illinois facilities may call (866) 751-1317 toll free with questions.

Category: Breach IncidentsHealth DataPhishingU.S.

Post navigation

← Comcast breach exposes 26.5m customers’ Social Security Numbers and partial addresses
Arrested at airport as he was leaving for Serbia: Hacker charged with hacking computer network of Bay area video-game company →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.