Rutland (Vt.) Regional Medical Center said it plans to mail letters to an undisclosed number of affected patients notifying them of a recent data breach.
The hospital discovered the breach after an employee noticed an increased number of spam emails being sent from his or her account Dec. 21, 2018. The employee reported the spam activity to the hospital's IT department Dec. 29.
Rutland Regional Medical Center subsequently determined the employee's email account was subject to unauthorized access and, upon further investigation, discovered an unauthorized third party had accessed nine employee email accounts at various times between Nov. 2, 2018, and Feb. 16.
Rutland Regional Medical Center's investigation into the incident is ongoing. No EMR systems or other internal systems were jeopardized in the phishing scam, according to the hospital.
While the number of patients affected is still unknown, Rutland Regional Medical Center said the unauthorized actor may have had access to patient information such as:
• Names
• Contact information
• Social Security numbers
• Financial information
• Dates of birth
• Medical record numbers
• Patient identification numbers
• Medical or clinical information
• Health insurance information
Rutland Regional Medical Center cannot confirm what specific information within the affected email accounts was accessed, viewed or acquired. The hospital said it plans to notify individuals who were affected in the breach.
The hospital also established a dedicated assistance line for patients seeking additional information.