53,000 Pharmacy Patients’ PHI Exposed Due to Phishing Attack

PHI Exposed Due to Phishing Attack

Onco360 and CareMed Specialty Pharmacy notified 53,173 patients that their protected health information was potentially compromised. It is believed that the security breach happened on November 14, 2017 because of the detected suspicious activity related to an employeeโ€™s email account.

Third-party computer forensics experts investigated the incident to find out the nature and scope of the data breach. The released a report on November 30 mentioning the involvement of three email accounts in the breach. The email accounts contained some messages that contained the PHI of patients. The hacker could have viewed or stolen the sensitive information.

The potentially compromised PHI include the patientsโ€™ names, Social Security numbers, demographic details, clinical information, prescribed medications provided by the pharmacy and health insurance details. The financial information of some patients may have been exposed, too.

There were no reports received that indicate misuse of any PHI. Even so, patients were advised to be careful and check their billing statements, credit reports and Explanation of Benefit statements for any possible sign of fraud. Patients were offered one year free credit monitoring and identity theft protection services through ID Experts.

Employees responding to phishing emails seem to be the reason why the security breach occurred. As a response, the covered-entity gave all staff further HIPAA training to teach them how to identify malicious emails. Better email security controls were implemented to stop future phishing attacks.

About Liam Johnson

Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/