Orlando (Fla.) Family Physicians began notifying 447,426 patients that it was the victim of a phishing attack on its employee email accounts.
Five things to know:
- On April 15, an unauthorized party accessed the email account of an employee by obtaining their user ID and password through a phishing email, according to a July 20 news release.
- After the attack, the physician practice launched an investigation and found that three other employee email accounts had been breached. Within 24 hours, unauthorized access to each of the four email accounts was terminated, according to the news release.
- On May 21, the investigation determined that patient data in the email accounts may have been exposed. On July 9, the patients, prospective patients, employees and other people who had data in the email accounts were identified.
- Exposed data may include names, health insurance information, Social Security numbers, passport numbers and medical-related information.
- To prevent similar incidents from happening in the future, the physician practice enhanced its security measures and is upping its employee training on email security.