Two Providers Report Breaches from 2018, 41,000 Patients Impacted

South Carolina-based Palmetto Health is notifying 23,811 patients of a potential breach, caused by a phishing attack in November 2018. According to the notification, Palmetto officials discovered the phishing attack on its employee email accounts that gave a hacker unauthorized access to individual email inboxes. Upon discovery, account access was blocked and third-party technical experts were hired to investigate the scope of the incident. The investigation determined access first occurred in November. Officials said they also examined whether patient data was contained in the breached emails and were “hand reviewed” to obtain patient names and addresses “for use in notification.” “We believe the purpose of the unauthorized access was to gain access to payroll information,” officials said in a statement. On February 19, 2019, officials concluded the investigation that determined the compromised accounts contained names and other patient data used by providers in the course of providing treatment. Officials said a “lesser portion” of the emails contained Social Security numbers and insurance information.

Spotlight

Spotlight

Related News