Phishing attack affects 16,000 in Michigan
A phishing attack on an employee's email is the source of a potential data breach affecting 16,000 patients of a Michigan practice.
On July 14, an unauthorized individual gained access to the email account of an employee of Oakland Family Services, a nonprofit human and health services organization based in Pontiac.
The organization learned of the attack the same day. There was no infiltration of the EMR databases, or any other agency email accounts or databases, according to a release. The "rogue user" had access to the account for 23 minutes.
The email account contained protected health information including names, client ID numbers, services dates and types of service provided. Some emails also included birth dates, telephone numbers, addresses, diagnoses, health plan ID numbers, insurance numbers and Social Security numbers.
The incident affects clients seen between April 2007 and July 2015.
The agency said it immediately terminated the hacker's access to the email account upon learning of the incidence. "We took action within 15 minutes of the intruder gaining access to block him or her from the affected email account and based on this incident, even stronger email protocol has been implemented," said David Partlo, the organization's director of IT.
Editor
Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.