16,500 Patients Possibly Affected by Chase Brexton Health Care Phishing Attack

by | Oct 25, 2017

Chase Brexton Health Care has reported that the group experienced a phishing cyber attack on August 2 and August 3, 2017 and may have affected as many as 16,562 patients.

The cyber attack involved multiple phishing emails being delivered to the inboxes of its employees. Phishing attacks normally take the form of fake invoices and fake package delivery alerts, although these emails claimed to be surveys. After employees submitted the surveys they were asked to enter their login details. Four employees were duped by the scam and revealed their user account credentials.

The phishing attack was identified on August 4 and access to the employees’ accounts was restricted.  However, on August 2 and 3, the accounts of those unfortunate employees were accessed and the cyber attackers re-routed employee payments to their own bank account(s).

While the motivation behind the phishing attack did not seem to be to gain access to patient details, it is probable that some patients’ PHI was accessed and stolen. Chase Brexton Health Care has warned patients of the breach and adviseded them that PHI access is not suspected, although out of an abundance of care, patients are being offered complimentary identity theft repair services.

The types of data potentially accessed was restricted to names, addresses, dates of birth, patient ID numbers, provider name, diagnosis codes, service location, line of service, visit descriptions, medication details, and insurance details.

The investigation into the phishing attack is ongoing, and while details of the attackers’ bank account are known, the people responsible for the attack have not been identified. A third-party has been hired to complete an investigation into the phishing attack.

Apart from restricting access to the compromised accounts by altering passwords, Chase Brexton Health Care has put in place a new email spam filtering system to enhance protection against phishing attacks, staff have received more training and new security procedures have been adapted.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy