25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Rosalind Franklin University of Medicine and Science Phishing Attack Sees PHI Compromised

Posted By on Jul 18, 2017

The protected health information of 859 patients of Rosalind Franklin University of Medicine and Science (RFU) has been compromised and potentially been viewed/stolen. The information was stored in two email accounts that were accessed by unauthorized individuals in May.

Access to the email accounts was gained after employees responded to phishing emails. The phishing attack occurred on May 10, 2017 prompting a full investigation. The malicious actors behind the phishing scam gained access to one email account for less than a day and the second email account for a period of 9 days. Access to the second email account was blocked on May 19.

Third party security experts were brought in to assist with the investigation to help determine the full extent of the security breach. RFU is now certain that unauthorized access to sensitive data has been blocked. Part of the investigation involved checking all messages in the compromised email accounts for protected health information.

The investigation confirmed that the compromised PHI was limited to patients’ names, addresses, dates of birth, telephone numbers, medical record numbers, diagnostic information and lab test results. No social security numbers or financial information were compromised.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

RFU says it has received no reports of any misuse of information in the accounts, although affected individuals have been advised to remain vigilant and to check their credit reports, account statements and Explanation of Benefits statements for any sign of fraudulent activity.

RFU has reassured patients that security measures had been introduced prior to the attack to protect data stored in its systems and proactive steps have now been taken to address the incident and strengthen security to prevent further successful phishing attacks. RFU has reported the incident to the FBI which is investigating.

An RFU spokesperson said, “The confidentiality, privacy, and security of information within our care is one of our highest priorities.”

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist