A phishing attack on an employee's email account at Oregon State Hospital may have exposed patients' protected health information, KTVZ reports.
Oregon Health Authority and the Salem-based hospital have begun alerting patients of the May 6 security breach. In the notice, the health authority said that a spear-phishing email was sent to an Oregon State Hospital employee.
Patient information that may have been affected in the phishing attack included names, dates of birth, medical record numbers, diagnoses, treatment care plans and other information.
There has been no indication that patient information has been improperly used.
More articles on cybersecurity:
NewYork-Presbyterian contracts with device makers to run cybersecurity tests
Boxes of patients' medical records, blood pathogens found in Michigan dumpster
Amazon voice assistant for children allegedly records, stores conversations