25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Artesia General Hospital Phishing Attack Impacts 13,905 Patients

Posted By on Sep 5, 2019

Artesia General Hospital in Artesia, NM, has discovered the protected health information (PHI) of 13,905 patients has been compromised in a phishing attack.

The breach was detected when an employee’s email account was discovered to have been used to send unauthorized emails. The breach was detected on June 18, 2019 and the forensic analysis revealed the account had been accessed by an unauthorized individual between June 11 to June 18.

A leading computer forensics company was engaged to investigate the breach, but no evidence of data theft was discovered. To date, no reports have been received to suggest PHI has been stolen or misused.

The email accounts contained patients’ names, birth dates, patient account numbers, medical record numbers, health insurance information, and some treatment and/or clinical information, such as diagnoses, dates of service, and provider names. A small subset of affected patients also had Social Security numbers exposed.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The hospital has re-enforced security awareness training and additional measures are being implemented to improve email security. Patients who had their Social Security number exposed are being offered complimentary credit monitoring and identity theft protection services.

1,653 Patients of Carle Foundation Hospital Impacted by Phishing Attack

The email accounts of three physicians at Carle Foundation Hospital in Urbana, IL have been compromised in a phishing attack.

The security breach was detected on June 24, 2019 and the investigation revealed the accounts were compromised three weeks previously on June 3, 2019. Assisted by a third-party cybersecurity company, the hospital determined names, medical record numbers, birth dates, diagnoses, treatment plans, and clinical information were exposed. Affected patients had received previously received cardiology or surgery services at the hospital.

No evidence of data theft of PHI misuse was detected and notifications were sent ‘out of an abundance of caution.’  To prevent further incidents, employees are being retrained and email security is being improved.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist