Reliable Respiratory in Norwood, Mass., discovered unusual activity on an employee's email account in July, which may have allowed hackers to access an undisclosed number of patients' protected health information.
Through a phishing campaign, hackers gained access the employee's email account between June 28 and July 2. Fifteen different types of protected health information — including name, bank or financial account information, diagnosis, treatment information, medication or prescription information, driver's license or state identification number, Social Security number, patient claim or billing information, date of birth, credit or debit card information, username and password, health insurance information, medical record number, and passport number — were affected.
The clinic is notifying the affect individuals, and plans to offer them access to resources to help protect their personal information.
"While Reliable has security measures in place to protect information in its care, it is also taking steps to implement additional safeguards and review its policies and procedures to protect the security of information on its systems," the clinic said in a news release.