PHI of Almost 140,000 Individuals Potentially Compromised in Imperium Health Phishing Attack

Imperium Health Management, a Louisville, KY-based provider of development services to Accountable Care Organizations (ACOs), is notifying 139,114 individuals that some of their protected health information was potentially compromised in a recent phishing attack.

Imperium Health learned of the attack on April 23, 2020. The investigation revealed one email account was breached on April 21, 2020 and a second email account was breached on April 24, 2020 due to the employees responding to phishing emails. The emails contained links that appeared to be legitimate but directed the employees to a website where their email credentials were harvested.

A review of the compromised email accounts revealed they contained protected health information such as patient names, addresses, dates of birth, medical record numbers, account numbers, health insurance information, Medicare numbers, Medicare Health Insurance Claim Numbers (which can include Social Security numbers), and limited clinical and treatment information. Imperium Health was notified that the accounts contained PHI on June 18, 2020.

A third-party computer forensic firm assisted with the investigation and confirmed the breach only involved the two email accounts. Access was not gained to any other Imperium Health systems. While it is possible that patient information was compromised, to date no evidence has been uncovered to indicate patient information was viewed, obtained, or misused in any way.

Imperium Health has implemented additional security measures to protect its systems from further cyberattacks, which include the use of two-factor authentication on email accounts for remote access and new protocols for the secure transfer of sensitive information. The workforce has also been re-educated on email security and how to identify phishing emails.

Atrium Health and Saint Luke’s Foundation Impacted by Blackbaud Ransomware Attack

Saint Luke’s Health Foundation has confirmed the personal and demographic information of 360,212 individuals was potentially compromised in the recent Blackbaud ransomware attack.

The attackers obtained a copy of a backup of a database. The hackers gained access to Blackbaud’s network on February 7, 2020 access remained possible until May 20, 2020. Blackbaud chose to pay the ransom demand to obtain the keys to unlock the files encrypted by the ransomware and prevent any further disclosures of data stolen in the attack. Blackbaud does not believe any data were disclosed by the attacker or otherwise made available to the public and believes all data stolen in the attack have now been permanently deleted.

Data compromised in the attack included names, mailing addresses, email addresses, telephone numbers, and/or date of birth. A limited number of patients may have had guarantors’ names compromised, along with some patient medical information such as dates of service and departments where care was provided.

Atrium Health, one of the nation’s leading healthcare systems with over 900 care locations, has also confirmed it was affected by the Blackbaud ransomware attack. Data compromised in the attack include patients’ first and last names, contact information, demographic information (including date of birth, guarantor information, decedent status (if applicable) and internally generated patient ID numbers), treatment dates, locations of service, and treating physicians’ names. Minors affected by the breach also had the name of their guarantor exposed. Donation and donation dates were also included in compromised data. The breach report submitted to the HHS’ Office for Civil Rights indicates the records of 165,000 individuals were compromised.


Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.