Marshall, Mich.-based Oaklawn Hospital recently notified patients of an employee email phishing attack that exposed their personal and protected health information.
Four notes:
1. In a Sept. 24 notice published on its website, Oaklawn Hospital said it discovered on July 28 that one or more employee email accounts were accessed by an unauthorized user between April 14-15.
2. Patient information exposed as a result of the incident included names, dates of birth, medical and health insurance numbers, and, in some cases, Social Security numbers, financial account information and driver's license numbers.
3. Oaklawn Hospital reported the breach Sept. 25 to HHS as affecting 26,861 individuals.
4. As a result of the breach, Oaklawn has added additional measures to improve its privacy safeguards, including providing additional training to employees and improving its multifactor authentication software.