August 12, 2018
MedSpring Urgent Care, a setup of urgent care health centers in Atlanta, Fort Worth, Chicago, Dallas, Austin, and Houston, has seen an illegal person has gained access to an electronic mail account as a consequence of a worker being fooled by a phishing electronic mail.
The electronic mail account was undermined on May 8, 2018, however, the safety breach was not noticed until May 17. Upon detection of the break, the electronic mail account was protected to avoid additional illegal access and a prominent cybersecurity forensics company was hired to carry out an inquiry into the break and help with the break response.
MedSpring noticed on May 22, 2018 that the attacker possibly gained access to the PHI of patients through the electronic mails and electronic mail attachments. The break was restricted to a single electronic mail account and no other systems were undermined.
A complete analysis of all messages in the account was carried out to decide which patients had been affected and the kinds of information that had been disclosed. MedSpring says the break was restricted to patients who had earlier visited its urgent care health centers in Illinois.
The electronic mail account had information such as names, account numbers, medical record numbers, dates of services, and other information linked to the medical facilities provided to patients. The inquiry didn’t disclose any proof to indicate that electronic mails in the account were seen and MedSpring has not been notified of any instances of abuse of patient information up till now.
All patients possibly affected by the phishing attack have now been informed by post and 12 months of free credit checking, identity safety, and fraud resolution facilities have been provided through Experian.
As is needed under HIPAA Laws, the Division of Health and Human Services’ Office for Civil Rights has been informed regarding the breach. The breach report shows 13,034 patients have been affected.