Atlanta-based Piedmont Cancer Institute began notifying more than 5,000 patients in September that their personal health information was exposed as the result of a recent email phishing incident.
The medical center reported the breach to HHS as affecting 5,226 individuals and posted a data security incident notice to its website stating that an unauthorized individual gained access to a Piedmont Cancer Institute employee's email account between April 5 and May 8.
Patient information exposed due to the email hack includes names, dates of birth, financial account information and credit and debit card information.
As a result of the incident, Piedmont Cancer Institute is implementing multifactor authentication across its email environment and has rolled out additional security awareness training.