Orlando Family Physicians Group Phishing Attack Impacts 8,400 Patients
8,400 patients of the Humana-owned Family Physicians Group in Orlando are being notified that some of their protected health information has potentially been compromised as a result of a phishing attack.
Family Physicians Group is one of the largest providers of healthcare for Medicare and Medicaid beneficiaries in Central Florida and operates 22 clinics in the region.
An investigation into the breach confirmed that an employee’s email account was accessed by an unauthorized individual on August 7, 2018. Unauthorized account access remained possible until August 21, 2018, when the breach was discovered and login credentials were changed. The login credentials were obtained by the attacker when the employee responded to a phishing email.
Affected patients were notified about the incident on December 28, 2018. It is unclear why it took more than 4 months to issue notifications to patients.
An analysis of the emails in the compromised account confirmed certain messages contained the protected health information of patients. No financial data or Social Security numbers were recorded in emails. The breach was limited to names, dates of birth, physicians’ names, and health insurance information.
Family Physicians Group has not received any information to suggest that patient data were stolen and misused.
Family Physicians Group reset all email passwords as a precaution and has upgraded its email application and implemented further security measures to improve protection from phishing attacks.