Phishing Attacks Warning Issued to Patients of Salem Health Hospitals & Clinics and Delta Dental of Arizona

by | Nov 12, 2019

Salem Health Hospitals & Clinics in Oregon suffered a phishing attack on July 31, 2019 that lead to an unauthorized person obtaining access to the email accounts of several employees. The breach was discovered within a day of the accounts being accessed and the compromised accounts were safeguarded.

Patients were made aware of the breach on September 27 and were told that an investigation into the impacted accounts was current. The affected email accounts were expected to contain a limited amount of patient information including names, dates of birth, and data related to the medical services patients had been submitted. At the time of issuing the notice, the investigation into the breach was underway.

On Thursday, November 7, 2019, Salem Health representative, Elijah Penner, stated “The incident was reviewed thoroughly, and Salem Health has no indication that any patient information has been misused.” No evidence was uncovered to suggest patient information in emails and email attachments was accessed.

Salem Health has warned affected patients to be careful and monitor their accounts and explanation of benefits statements for signs of fraudulent activity. Email security is being improved and Salem Health will be strengthening education of employees to help them identify and avoid malicious emails going forward.

The breach has not been published on the HHS’ Office for Civil Rights breach portal yet so it is currently unclear how many patients have been affected by the security breach.

Delta Dental of Arizona Alerts Members in relation to July Phishing Attack

The Glendale, AZ-based detail insurance firm, Delta Dental of Arizona, has revealed it has experienced an email security breach in which the private data of plan members has been exposed. The security breach came to light on July 8, 2019 after the detection of suspicious activity in an employee’s email account.

The hacker used the employee’s credentials to log onto the email account on July 8. According to the substitute breach notice on the Delta Dental website, determining which members had information exposed was “a lengthy and labor-intensive process.”

Delta Dental of Arizona released a statement on November 8, 2019 confirming the investigation found no proof of unauthorized data access, although it was not possible to rule out unauthorized data access. Consequently, impacted members have been notified as a precaution.

The range of information in the email account included names, addresses, dates of birth, member ID details, Social Security numbers, driver’s license numbers, passport numbers, financial account information, credit/debit card numbers, dental insurance details, usernames/passwords, and digital signatures.

The incident has yet to be included on the HHS’ Office for Civil Rights breach portal so it is unclear how many members have been impacted.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy