The Phishing Scam on the CMHI (Colorado Mental Health Institute) Found the Exposure of PHI

Colorado Mental Health Institute (CMHI) at Pueblo found that one of their employees has become the victim of the Phishing Attack helped the attackers to get access to the Protected Health Information of 650 patients of the hospital. Colorado Mental Health Institute is one of the best hospitals that contains 449 beds and provide proper care to the patients. The hospital was responsible for all the criminal activities and the breach of its patient’s PHI. The individuals that were found by the court showed that the crime was committed because of insanity. Therefore, it was useless to proceed with them.

The Phishing attack was found on 1st November 2017. It was the time when the employee un-intestinally misplaced the login details that allowed the criminals to get access to the computer. On the very next day, the criminal activity was detected and the access to the computer was blocked on the spot. The criminal activities and the investigation did not highlight any evidence for the stolen information. Although, it was assured that the information has been theft and data has been accessed by the unauthorized parties.

The notification of the breach has been sent to the impacted patients as required in the HIPAA breach cases. According to them, the information may include the names of the patients, the birth date, the SSN, insurance information, phone number, the address and admit and discharge dates of the patients.

The Phishing Scam encouraged the Colorado Mental Health Institute (CMHI) to implement the technological procedures to avoid all such activities in the future. The procedures and the privacy policies has been renewed and more queries has been added. The staff members are also advised to get trained to make them more experienced and active in performance. According to the Colorado Mental Health Institute (CMHI), all the patients who has been affected by the phishing attack has been reviewed and dealt according to the applicable law and the policies.