Horne, a company Hattiesburg, Miss.-based Forrest General Hospital enlists to provide certain Medicaid reimbursement services, discovered one of its employees had fallen victim to an ongoing phishing attack that may have compromised Forrest's patients' protected health information.
An unauthorized individual had access to the email account from Oct. 31 to Nov. 1, 2017, during which the account was sending phishing emails. Some of those emails contained an attachment with the PHI of certain patients treated at Forrest.
Though Horne cannot confirm whether the unauthorized individual accessed or acquired the attachment, the potentially exposed data includes patients' names, Medicaid identification numbers, dates of birth, patient account numbers, dates of service and Social Security numbers.
Horne began notifying affected individuals Feb. 1 and will offer them one year of free credit monitoring services provided by Experian. Forrest patients can call Horne's dedicated assistance line to find out if they are affected and learn how to enroll in credit monitoring.
More articles on cybersecurity:
Ransomware detections up 90%: 3 study insights
Microsoft calls for 'Digital Geneva' in wake of high profile cyberattacks