The protected health information of nearly 66,000 patients at Eden, N.C.-based Morehead Memorial Hospital was potentially exposed when two employees fell victim to a phishing attack July 21, reports Triad Business Journal.
The email accounts contained private patient and employee data, including health insurance payment summaries, treatment overviews, health plan information and, in limited cases, Social Security numbers, according to a notice on the organization's website. Upon learning of the incident, the hospital's IT staff cut off access to the affected accounts, issued a networkwide password reset and launched a forensic investigation.
All affected individuals were notified on Sept. 15, a hospital spokesperson told Becker's.
The hospital recommends patients who received care at Morehead or are members or beneficiaries of the hospital's group health plan regularly monitor their explanation of benefits statements.
"As a precaution, individuals can carefully check credit reports for accounts they did not open or for inquiries from creditors they did not initiate," the hospital's notice reads. If they notice any suspicious account activity, they should notify their credit agency or law enforcement.
More articles on cybersecurity:
918 cyberattacks so far this year: 6 things to know
Equifax experienced a separate breach months earlier than incident impacting 143M