Phishing Incident Affects Patients of Confluence Health

by | Aug 8, 2018

A not-for-profit health system that operates Central Washington Hospital, Wenatchee Valley Hospital and a dozen satellite clinics in Central and North Central Washington, has experienced a data breach incident involving a staff member’s email account that may have lead to unauthorized accessing of patients’ protected health information.

The security breach at Confluence Health was discovered on May 29, 2018. A digital forensics consultancy was contracted to conduct an investigation, which showed the email account had been accessed by an unauthorized person on May 28 and May 30, 2018.

The email account only included a restricted amount of protected health information and no highly sensitive data like Social Security numbers or financial information was accessed. Patients affected by the breach have had information such as their names and treatment information targeted.

Confluence Health had a number of security solutions in place to stop unauthorized account access and staff had been given security awareness training, yet those measures were bypassed by the hacker.

While PHI access could have taken place, the investigation showed no evidence to suggest that PHI had been stolen and no reports have been registered with Confluence Health to suggest there has been any inappropriate use of PHI.

Patients impacted by the breach have been alerted by mail and additional security measure have now been put in place to enhance the security of its email system and ensure that any suspicious email and network activity is detected more quickly in the future.

The breach had been reported to the Department of Health and Human Services Office for Civil Rights (OCR) , although the number of patients affected by the incident has not yet been revealed publicly.

The incident is the most recent in a spate of phishing attacks on healthcare groups. In the past eight weeks, phishing incidents have been reported by Sunspire Health in New Jersey, The Alive Hospice in Tennessee, the Terteling Co., Inc., Group Benefit Plan in Idaho, and Boys Town National Research Hospital.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy