Doctors Community Medical Center in Maryland is notifying an unreported number of patients whose protected health information was potentially compromised by a phishing incident.
In January, the center noticed unusual network activity in its payroll system. Their investigation revealed that a number of employees had fallen for a phishing attack and that the attacker(s) had access to employee email accounts between November 6, 2019 and January 30. In their notification, they explain:
As part of the investigation, officials determined that some of the email accounts contained data sheets with patient demographic information. While not the same for all impacted patients, the patient information contained in the emails included: name, address, date of birth, Social Security Number, driver’s license, military identification number, financial account information, treatment information/diagnosis, prescription information, provider name, medical record number/patient ID, Medicare/Medicaid number, health insurance information, treatment cost information, and access credentials.
Although the center claims it has no evidence that any email was actually accessed, they are notifying patients out of the proverbial “abundance of caution,” and
As an added precaution, we are also offering complimentary credit monitoring and identity restoration services to those affected.
You can read their full notification on their website.
The incident is not yet posted to HHS’s public breach tool.