Oregon State Hospital

Oregon State Hospital became victim of a successful spear-phishing attack that gave the attacker access to one employee’s mail account.

That account held protected health information on patients their first and last names, dates of birth, medical record numbers, diagnoses, treatment care plans and other information used to provide treatment for patients at the psychiatric hospital.

While it was unclear that exactly who had ePHI in that account and unsure whether any of the data was even accessed or copied.

But there is no indication that any protected health information was copied from its email system or used inappropriately.

Source: https://www.databreaches.net/oregon-health-authority-provides-early-notification-to-oregon-state-hospital-patients-of-a-phishing-incident/

"id": "ORE193719323",
"linkid": "oregon-state-hospital",
"type": "Data Leak",
"date": "05/2019",
"severity": "50",
"impact": "1",
"explanation": "Attack without any consequences"