BreachExchange mailing list archives
Oregon State Hospital data breach may have compromised patient information
From: Destry Winant <destry () riskbasedsecurity com>
Date: Wed, 15 May 2019 09:09:40 -0500
https://www.statesmanjournal.com/story/news/2019/05/13/oregon-state-hospital-data-breach-compromises-patient-information-salem/1193386001/ Patients' health information may have been compromised after a spear-phishing email was sent to an Oregon State Hospital employee on May 3. Oregon Health Authority officials said patients' information — first and last names, dates of birth, medical record numbers, diagnoses, treatment care plans — were exposed after the employee opened the message. Officials can't confirm, however, if the information was copied or used "inappropriately," according to a release from OHA. Spear-phishing is an online attack in attempts to steal sensitive information. The attacker usually targets one person and disguises themselves as someone the victim knows, according to Rebeka Gipson-King, Oregon State Hospital relations director. The employee opened the email around 9:50 a.m. on May 6 and clicked on a link which prompted them to type their login information, allowing the suspect to gain access, Gipson-King said. OHA's information technology security detected the breach around 10:30 a.m. and stopped access to the employee's inbox, Gipson-King said. The breach was reported to Oregon State Police, but aside from an IP address, the suspect's identity is unknown. The agency doesn't know how many patients were affected or what the suspect did with the information, she said. OHA will hire an external agency to examine the emails and clarify the identity and number of patients affected — as well as the specific information compromised. It should take about four to six weeks to get more information. OHA will send out an email to all patients whose information was potentially compromised. When the review is complete, OHA plans to send individual notices to affected patients. State hospital employees receive health information security training on how to avoid phishing scams, Gipson-King said. The agency learns how to make systems more secure after phishing incidents happen. Oregon State Hospital provides psychiatric treatment for adults from throughout the state who need hospital-level care, according to the hospital's website. There is an average of 615 patients at the Salem and Junction City campuses. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Oregon State Hospital data breach may have compromised patient information Destry Winant (May 15)