Phishing Attack Impacts 21,000 Reliable Respiratory Patients

by | Sep 12, 2018

Reliable Respiratory, a Norwood, MA-based respiratory care organisation has been subjected to a phishing attack that has impacted several thousand of its clients.

A cyberattack was first noticed on July 3, 2018, after the detection of unusual activity in an staff member’s email account. An official review was launched to deduce the cause of that activity, which showed the staff member had been targeted with a phishing campaign. The reaction to a phishing email lead to the disclosure of that person’s login details.

The unusual account activity was discovered on July 3 and the account was quickly secured. Computer forensic contractors were brought in to determine the manner of the breach. The breach investigation showed that the account had been accessed by an unauthorized person between June 28 and July 2. An analysis of the emails contained in the account suggested a wide range of protected health information could potentially have been accessed by the hacker.

Patients are now being alerted of the breach by mail and have been warned to monitor their account statements and explanation of benefits statements carefully for signs of identity theft and fraud. There was no reference in the substitute breach notice about whether credit monitoring and identity theft protection services are being provided to affected patients.

Patients impacted by the breach may have had the following range of protected health information impacted: Name, date of birth, medical record number, medical diagnosis, treatment information, medication/prescription information, username and password details, patient claim/billing data, health insurance information, driver’s license number, state identification number, Social Security number, passport number, bank or financial account information, and credit or debit card details.

Reliable Respiratory will be putting in place extra measures to improve the security of its systems and will update its policies and procedures to reduce the risk of experiencing future  phishing attacks.

The report sent to the Department of Health and Human Services’ Office for Civil Rights (OCR) states that 21,311 patients were impacted by the phishing attack.

Email Security Incident at Carpenters Benefit Funds of Philadelphia

A similarly sized HIPAA violation breach was reported to OCR by Carpenters Benefit Funds of Philadelphia on August 31, 2018. The email hacking incident lead to the exposure and possible theft of 20,015 plan members’ details.

A substitute breach notice has not yet been published to the Carpenters Benefit Funds of Philadelphia web portal and a prominent media outlet does not appear to have been made aware of the breach at the time of writing, so the precise manner of the breach is not yet public.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy