Merced, Calif.-based Golden Valley Health Centers began notifying 37,900 patients March 9 that their protected health information may have been exposed in a phishing attack.
On March 3, Golden Valley Health Centers determined that an employee’s email account had been accessed by an unknown, unauthorized third party. There is no evidence that patient information was removed or viewed from the email account.
Patient data that may have been exposed included medical information, billing and insurance information, referral information and appointment records.
Since the incident, Golden Valley Health Centers has enhanced its employee education and training. The system is also reviewing its information security to ensure a similar incident does not happen again.