Austin, Texas-based MedSpring Urgent Care, which operates urgent care centers in five Midwestern and Southern states, is notifying 13,034 patients seen at its Illinois facilities about a potential data breach resulting from an employee who fell victim to an email phishing scam May 8.
Immediately after discovering the attack May 17, MedSpring blocked the unauthorized third party's access to the email account and launched an investigation into the attack. The investigation determined information stored in the compromised email account may have included patients' names, account numbers, medical record numbers, and dates of medical services received.
MedSpring doesn't have any evidence the information was viewed or misused, but it is providing affected individuals one year of free identity protection and fraud resolution services.
"We take the protection of our patients' information very seriously and have taken steps to prevent a similar incident from occurring in the future, including the implementation of additional technological security features designed to prevent future phishing scams," the organization said in a notice.