Several Email Accounts Compromised in Sunspire Health and UPMC Cole Phishing Attacks

Share this article on:

Two more healthcare organizations have reported phishing attacks that have resulted in cybercriminals gaining access to the protected health information of patients, both of which saw the attackers gain access to multiple email accounts.

Sunspire Health, which runs a national network of addition treatment facilities, saw several email accounts compromised as a result of a phishing campaign targeting its employees. The attacks were discovered between April 10, 2018 and May 17, 2018.

Forensic investigators were called in to determine the nature and scope of the incidents. The investigation revealed the first email account was compromised on March 1, 2018, with further accounts compromised and accessed by unauthorized individuals up until May 4.

No patients have reported misuse of protected health information to Sunspire Health to date, and no evidence was found to suggest the email accounts had been misused, although it is possible that protected health information in the compromised email accounts was accessed and may have been downloaded by the attacker(s).

The types of information present in the emails included patients’ names, dates of birth, diagnoses, treatment information, health insurance details and Social Security numbers.

Patients impacted by the phishing attacks have now been notified and a substitute breach notice was uploaded to the Sunspire Health website on July 16. Patients affected by the breach have been offered credit monitoring and identity theft protection services at no charge.

The Department of Health and Human Services’ Office for Civil Rights breach portal indicates 6,737 patients have been affected by the breach.

Phishing Attack on UPMC Cole Sees Two Email Accounts Compromised

UPMC Cole in Coudersport, Pennsylvania has discovered two of its employees have been duped by phishing emails resulting in the disclosure of their login credentials. The email accounts were compromised on June 7 and June 14, 2018 and were discovered when staff members started receiving suspicious emails sent from the compromised email accounts.

Prompt action was taken to block access to the email accounts and an investigation was launched to determine whether any patient health information was accessed. While data access was not confirmed, it could not be ruled out with a high degree of certainty.

The email accounts only contained a limited amount of PHI and no financial information or Social Security numbers were compromised. The types of data exposed was limited to names, dates of birth, medical procedures performed, general treatment information, names of healthcare providers, and scheduling information.

790 patients were affected by the breach and notification letters have now been mailed.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On