Cancer Treatment Centers of America discovered on June 6 that an employee's email account at its Philadelphia-based Eastern Regional Medical Center was compromised in a phishing attack, according to the HIPAA Journal.
An investigation determined that an unauthorized third party had gained access to the employee's email account between May 4-15. The password for the account has since been changed.
It's unclear if the unauthorized third party viewed the emails or took patient information. However, Cancer Treatment Centers of America said the email held the protected health information of 3,904 patients.
Patient information that was potentially affected included addresses, phone numbers, dates of birth, medical record numbers, other patient identifiers, medical information and health insurance information.
Eastern Regional Medical Center is providing further training to employees to increase awareness on cybersecurity threats. The medical center is also conducting a review of its email security to ensure an incident like this doesn't happen again.