Critical Care, Pulmonary & Sleep Associates discovered that an unauthorized individual or entity gained access to an employee’s CCPSA email account and used the email address to send phishing emails to individuals in the employee’s electronic contacts seeking fraudulent financial payments.
The organization immediately began a detailed analysis and review of all potentially compromised emails and files to identify the names of all individuals who were potentially impacted, as well as the type of information included in these files.
Personal information that may have been accessed could include any of the following: full name, date of birth, address, phone number, email address, clinical information such as dates of service, diagnoses and conditions, labs and diagnostic studies, medications, and other treatment information.
"id": "CRI162312223",
"linkid": "critical-care-pulmonary-and-sleep-associates",
"type": "Data Leak",
"date": "01/2019",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"