Sacred Heart Rehabilitation Center Notifies Patients of Phishing incidents after which an unauthorized individual has gained access to the email account of an employee following a response to a phishing email.
It was unclear when the phishing attack was detected by the rehabilitation center, but the investigation into the breach concluded in November.
The compromised information included patients’ names, home addresses, diagnoses, treatment information, health insurance information, and Social Security numbers.
The number of patients affected by the breach has not been publicly disclosed at this point and the breach has not yet been listed in the Department of Health and Human Services.
Sacred Heart Rehabilitation Center has said not all patients were affected and to reduce the risk of further successful phishing attacks, additional security measures have been implemented and employees have received further security awareness training.
"id": "SAC04716223",
"linkid": "sacred-heart-rehabilitation-center-inc-",
"type": "Breach",
"date": "01/2019",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"