Centennial, Colo.-based Centura Health began notifying 7,515 patients last week that their information may have been exposed due to a phishing attack.
The health system confirmed that sometime prior to April 16, an unauthorized third party gained access to an employee's email account. An investigation revealed the email account held patient information.
Patient information that may have been affected included names, dates of birth, medical record numbers, account numbers, dates of services, treating physicians and general descriptions of services. No Social Security numbers, financial information or health insurance numbers were exposed.
Centura Health has set up a call center for patients who were affected and have questions. The health system is mailing letters to the 7,515 patients involved. Centura Health has also reported the incident to law enforcement.
Additionally, Centura Health required the affected employee to change his or her email password. The health system re-educated employees about creating strong passwords and cybersecurity efforts.
More articles on cybersecurity:
Oregon State Hospital alerts patients of phishing attack
Memorial Hermann employee 'improperly' used patients' credit card info
First cybercrime hotline unveiled in Rhode Island