Arizona Arthritis and Rheumatology Associates & Mon Health Report Phishing Incidents
Arizona Arthritis and Rheumatology Associates and Monongalia Health System have had email accounts compromised as a result of phishing attempts on their employees. Phishing typically involves the impersonation of trusted entities and social engineering to trick individuals into clicking a link in an email and disclosing their account credentials. Phishing is a leading cause of healthcare data breaches, including two of the top three healthcare data breaches in Q1, 2025.
Arizona Arthritis and Rheumatology Associates
Arizona Arthritis and Rheumatology Associates (AARA) was affected by a phishing attack that saw several employee Office 365 accounts accessed by unauthorized individuals on March 3, 2025. The compromised accounts were detected within hours of the unauthorized access and secured by changing the compromised passwords. AARA said employees were notified about the phishing attempts to prevent further account compromises, additional phishing awareness training has been provided to the workforce to help staff identify phishing attempts, and new software has been implemented to better protect against sophisticated phishing attempts.
The forensic investigation confirmed that the email accounts contained patient names, provider names, clinic names, birth dates, birth sex, insurance company names, balances, appointment dates, and limited health information and ID numbers. The email accounts did not contain any financial information, credit card information, or Social Security numbers. To protect against misuse of the exposed information, the affected individuals have been offered complimentary identity monitoring services for 12 months. The breach was recently reported to the HHS’ Office for Civil Rights as affecting 5,509 individuals.
Monongalia Health System
Monongalia Health System, Inc. (Mon Health) has recently announced a data security incident that involved unauthorized access to the electronic protected health information of up to 4,895 individuals following a successful phishing attack involving “a small number of employee email users.” It is unclear from the substitute breach notice when email accounts were first compromised.
Mon Health explained that the forensic investigation confirmed on March 3, 2025, that the compromised email accounts contained personal information limited to names, physician names, facility names, and limited medical information. A very small subset of individuals also had their Social Security numbers and/or health insurance policy numbers exposed.
The investigation has found no evidence to suggest any of the exposed information has been misused. Mon Health has enhanced its security measures and employee security training and has offered the affected individuals complimentary identity protection services.


