Charleston (W.Va.) Area Medical Center notified patients of a January phishing incident that affected 54,000 individuals.
On Jan. 10 and 11, an unauthorized party accessed the email accounts of "a small number of" Charleston Area Medical Center employees through a phishing scam, the hospital said in its notice to patients. Upon learning of the incident Jan. 10, the hospital terminated the unauthorized access and secured the affected email accounts.
Charleston Area Medical Center partnered with a cybersecurity forensics firm for an investigation, which ended March 16. The investigation concluded that the unauthorized individual appeared to be interested in collecting hospital employees' login information rather than accessing patients' personal information.
The following types of personal information were found in the employee email accounts: first and last names, medical record numbers and health information such as discharge dates and test results. Additionally, Social Security numbers or financial account numbers were found for less than 0.001 percent of the potentially affected population.