Adventist Health Simi Valley (Calif.) began alerting patients Jan. 6 that their protected health information may have been exposed in a phishing attack.
In September, Adventist Health's information security department discovered that an employee's email account had been comprised in a phishing attack. The hacker had attempted to redirect invoice payments to defraud the hospital and vendors.
Patient data that may have been exposed included names, dates of birth, medical record numbers, hospital account numbers, insurance information and other information related to patient care.
Adventist Health said there is no evidence that patient information has been misused. Additionally, the hospital said that the phishing attack did not affect any other systems. Since the incident, the employee has changed his or her login credentials. Adventist Health also continues to train employees to spot and avoid phishing emails.