Catawba Valley Medical Center in Hickory, N.C., began mailing notification letters to an undisclosed number of patients Oct. 12 after it discovered an unauthorized user had gained access to three of its employees' email accounts.
CVMC learned about the phishing attack Aug. 13 and immediately took steps to secure the affected accounts. On Aug, 24, an investigation into the incident determined some patient information was included in the three accounts, including names, dates of birth, treatment and procedure information, and health insurance information. A limited number of patients' Social Security numbers were also compromised.
The hospital doesn't believe the patient information has been misused. In addition to the notification letters, CVMC officials also established a dedicated call center to answer patient questions about the incident.
"To help prevent something like this from happening in the future, we have hired security experts to enhance our employee education; we have implemented tighter e-mail controls; and we continue to upgrade our hardware and software platforms to combat these malicious threats," reads a statement on the organization's website.