Phishing Attack on Terros Health Potentially Exposed 1,600 Patients’ PHI

An employee working for Terros Health in Phoenix, AZ fell for a phishing scam and inadvertently disclosed login credentials to a scammer. The attacker accessed the employee’s email account, and potentially viewed protected health information (PHI) contained in the email account. Only one email account was accessed and no other systems were compromised.

Terros Health discovered the phishing attack on April 12, 2018 and announced it to the media on June 8. Breach notification letters have now been sent by mail to all patients affected by the breach. Investigators found out that the phishing attack happened on or around November 16, 2017.

The compromised email account contained the PHI of approximately 1,600 patients. For 1,241 of those patients, only names and birth dates were exposed. The rest of the patients had their email addresses, addresses, medical record numbers, diagnoses and some other PHI exposed. The Social Security numbers of 142 patients were also contained in the compromised email account and could have been viewed or obtained. Most of the patients impacted by the breach had received medical services at the clinic near 23rd Avenue/Dunlap Avenue.

Terros Health has offered free credit monitoring and identity theft protection services for one year to patients whose Social Security numbers were compromised, and has already improved its security, policies and procedures to prevent further breaches of a similar nature. Staff also underwent further security awareness training.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/