Indiana health system victim of email phishing attack
An Indiana health system has been the victim of a sophisticated phishing attack.
Unauthorized individuals accessed email accounts of Beacon Health System employees which potentially contained protection health information.
On March 25, Beacon discovered the unauthorized access of email accounts. Some accounts could have been accessed as early as November 2013. The last unauthorized access occurred on Jan. 26. The organization began notifying affected individuals of the breach on May 22.
There is no evidence that any sensitive information was viewed or removed from the email accounts. Accessible information included Social Security numbers, date of birth, driver's license number, diagnosis, date of service and other medical information.
The health system has notified the Department of Health and Human Services, state regulators and also is working with the FBI.
Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.