Phishing attack affects 16,000 in Michigan

A phishing attack on an employee's email is the source of a potential data breach affecting 16,000 patients of a Michigan practice.

On July 14, an unauthorized individual gained access to the email account of an employee of Oakland Family Services, a nonprofit human and health services organization based in Pontiac.

The organization learned of the attack the same day. There was no infiltration of the EMR databases, or any other agency email accounts or databases, according to a release. The "rogue user" had access to the account for 23 minutes.

The email account contained protected health information including names, client ID numbers, services dates and types of service provided. Some emails also included birth dates, telephone numbers, addresses, diagnoses, health plan ID numbers, insurance numbers and Social Security numbers.

The incident affects clients seen between April 2007 and July 2015. 

The agency said it immediately terminated the hacker's access to the email account upon learning of the incidence. "We took action within 15 minutes of the intruder gaining access to block him or her from the affected email account and based on this incident, even stronger email protocol has been implemented," said David Partlo, the organization's director of IT.

Beth Walsh,

Editor

Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.

Around the web

Compensation for heart specialists continues to climb. What does this say about cardiology as a whole? Could private equity's rising influence bring about change? We spoke to MedAxiom CEO Jerry Blackwell, MD, MBA, a veteran cardiologist himself, to learn more.

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”