Indiana health center alerts patients of October phishing attack

Valley Professionals Community Health Center, a federally qualified health center headquartered in Cayuga, Ind., is notifying patients of a potential data breach involving their protected health information.

Six things to know:

1. VPCHC discovered suspicious activity on an employee email account Nov. 27.

2. It immediately launched an investigation, which determined an unauthorized third party had access to the email account dating back to Oct. 26.

3. Health center officials were unable to determine which individual emails stored in the account may have been opened. Potentially compromised information includes:

  • Names
  • Addresses
  • Social Security numbers
  • Dates of birth
  • Diagnosis, procedure or treatment information
  • Provider information
  • Patient identification numbers
  • Medical record numbers
  • Information regarding payment

4. For a limited amount of patients, bank account information, routing numbers, health insurance group numbers and member numbers may have also been compromised.

5. VPCHC's investigation is ongoing, but officials do not have any evidence that the hacker has misused patient information held in the email account. As a precaution, the health center is offering affected individuals free credit monitoring services.

6. As of Feb. 1, information regarding the data breach has not yet been posted to the HHS' Office for Civil Rights breach portal, which requires HIPAA-covered entities to report data breaches affecting 500 or more individuals.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars