Morgantown, W.Va.-based Mon Health and its affiliated hospitals suffered an email phishing incident and a data security incident, all within three months.
On Feb. 28, Monongalia Health System, Monongalia County General Hospital Co., Preston Memorial Hospital Corp., and Stonewall Jackson Memorial Hospital Co. — collectively known as Mon Health — announced it had discovered that an unauthorized party gained access to information pertaining to patients, providers, employees and contractors.
Mon Health became aware of the incident Dec. 18 after unusual activity in its IT network caused disruption to the operations of some of Mon Health's IT systems.
Patient, provider, employee and contractor information that may have been accessed as a result of the incident includes names, addresses, Social Security numbers, Medicare health insurance claim numbers, dates of birth, patient account numbers, health insurance plan member ID numbers, medical record numbers, dates of service, provider names, claims information, medical and clinical treatment information.
Three months prior, Mon Health also began notifying patients Dec. 21 that hackers gained access to Mon Health's email accounts during an email phishing attack that exposed patient protected health information.
Patient, provider, employee and contractor information was also exposed in this breach.