The Colorado Mental Health Institute at Pueblo is under the state’s Department of Human Services. On December 22, it issued a notice following discovery of a phishing incident that potentially affected 650 patients: The Colorado Mental Health Institute at Pueblo (CMHIP) experienced a potential data breach after a staff member on Nov. 1, unintentionally allowed…
Category: Phishing
TX: MMH announces ‘data security incident’ involving patient information
MRT reports that once again, compromising employee email provides access for attackers: Midland Memorial Hospital announced Tuesday there was a data security incident involving a limited number of patients’ personal information. […] The hospital became aware on Oct. 13 that an unauthorized third party may have obtained access to an employee’s e-mail account on or…
Clarion U. students notified after employees fall for phishing attack
Ron Wilshire reports: Clarion University was notified of an email compromise that occurred because of a criminal phishing scam that compromised two email accounts in the registrar’s office. The unauthorized individual or individuals had access to the accounts between October 7 and October 10. “Clarion University is committed to data integrity and privacy protection,” said Communication Manager…
Sinai Health System notifies 11,350 patients after phishing incident
Ally Marotti reports: At least two employees at Sinai Health System had their email accounts compromised in a phishing incident, potentially affecting the information of 11,350 people. The seven-member hospital system said in a statement Thursday that it cannot confirm whether any patient information in the email accounts was viewed. However, there is a low…
Basic training in avoiding phishing is no longer sufficient
Oof. I read something like this notification below from Boise Cascade Company in Utah, and I wonder if the employees had been regularly trained in avoiding phishing attacks, or if it was just the case that the phishing was done so damned well that the employees fell for it despite their training. In this case,…
Baptist Health Louisville notifies 880 patients after phishing incident
Baptist Health Louisville in Kentucky recently notified 880 patients of a phishing incident. The incident was also reported to the U.S. Department of Health and Human Services. According to a substitute notice in response to the breach, on October 3, Baptist Health discovered that an employee’s email account credentials were obtained by an unauthorized third-party…