Salem Health Hospitals & Clinics in Oregon suffered a phishing attack on July 31, 2019 that lead to an unauthorized person obtaining access to the email accounts of several employees. The breach was discovered within a day of the accounts being accessed and the compromised accounts were safeguarded.
Patients were made aware of the breach on September 27 and were told that an investigation into the impacted accounts was current. The affected email accounts were expected to contain a limited amount of patient information including names, dates of birth, and data related to the medical services patients had been submitted. At the time of issuing the notice, the investigation into the breach was underway.
On Thursday, November 7, 2019, Salem Health representative, Elijah Penner, stated “The incident was reviewed thoroughly, and Salem Health has no indication that any patient information has been misused.” No evidence was uncovered to suggest patient information in emails and email attachments was accessed.
Salem Health has warned affected patients to be careful and monitor their accounts and explanation of benefits statements for signs of fraudulent activity. Email security is being improved and Salem Health will be strengthening education of employees to help them identify and avoid malicious emails going forward.
The breach has not been published on the HHS’ Office for Civil Rights breach portal yet so it is currently unclear how many patients have been affected by the security breach.
Delta Dental of Arizona Alerts Members in relation to July Phishing Attack
The Glendale, AZ-based detail insurance firm, Delta Dental of Arizona, has revealed it has experienced an email security breach in which the private data of plan members has been exposed. The security breach came to light on July 8, 2019 after the detection of suspicious activity in an employee’s email account.
The hacker used the employee’s credentials to log onto the email account on July 8. According to the substitute breach notice on the Delta Dental website, determining which members had information exposed was “a lengthy and labor-intensive process.”
Delta Dental of Arizona released a statement on November 8, 2019 confirming the investigation found no proof of unauthorized data access, although it was not possible to rule out unauthorized data access. Consequently, impacted members have been notified as a precaution.
The range of information in the email account included names, addresses, dates of birth, member ID details, Social Security numbers, driver’s license numbers, passport numbers, financial account information, credit/debit card numbers, dental insurance details, usernames/passwords, and digital signatures.
The incident has yet to be included on the HHS’ Office for Civil Rights breach portal so it is unclear how many members have been impacted.