Mille Lacs Health System in Onamia, Minn., reported that select employees fell victim to an email cyberattack that affected thousands of patients' information.
Four things to know:
1. The health system found that an unauthorized entity had access to employee emails from Aug. 26, 2019 to Jan. 7, 2020. Mille Lacs discovered the phishing attack on Nov. 14, 2019, and began an investigation.
2. Employees were sent phishing emails asking for their login and password information, and their credentials were used to access other employee email accounts.
3. Patient protected health information was contained within the affected email accounts, and the health system has terminated the unauthorized access. Information stored in the email accounts included names, dates of birth, provider names, dates of service and other clinical information. In some cases, the email accounts included messages with Social Security numbers.
4. HHS reported the email breach affected 10,630 patients.
More articles on cybersecurity:
Email incident exposes 30,132 patient records at post-acute management services company: 3 details
Magellan Health hit by ransomware attack
Ohio hospital inadvertently posts spreadsheet with 3,683 patients' information on website