Cyber Security

Washington residents’ medical data exposed by phishing attack on Spokane Regional Health District

The sensitive medical data of more than 1,200 Washington residents has been exposed after a successful phishing attack against a local public health agency.

Spokane Regional Health District (SRHD) said that “files containing client protected health information” associated with 1,260 individuals and two departments may have been “previewed” by an attacker during the incident on February 24, 2022.

However, “the investigation did not find any documents had been opened, accessed, or downloaded”, said SRHD in a data breach alert issued yesterday (March 24).

SRHD said 1,060 individuals may have had their first and last names, initials, dates of birth, and various medical data compromised. Health-related information exposed included test results, medications and prescription reasons, medical referrals, client notes, and delivery dates for pregnancies, among other data.

The other 200 victims potentially had their first and last names, initials, dates of birth, phone numbers, “shelter locations”, test dates, and notes exposed.

Although neither Social Security numbers nor financial information were involved, “those affected are encouraged to monitor their bank accounts and report any suspicious activity immediately”, while ‘explanation of benefits’ statements should be “monitored for possible ID theft activities”, according to SRHD.

Potential victims have been notified of the breach, added the healthcare provider.

Phishing spike

SRHD said it had “implemented appropriate corrective actions” to prevent further breaches, related to cybersecurity training, use of multi-factor authentication (MFA), and testing related systems.

“Much like the rest of the state of Washington, SRHD has experienced a record-level spike in phishing emails and malware installation attempts,” said Lola Phillips, deputy administrative officer at the SRHD. “In this instance, staff fell prey to a phishing scam which exposed confidential information to data thieves.

“We have a strong commitment to safeguard your personal information, and we are working diligently to reduce the likelihood of future events.”

One of 34 local public health agencies in Washington state, Spokane Regional Health District serves a population of more than 400,000 in Spokane County.

Source: https://portswigger.net/daily-swig/washington-residents-medical-data-exposed-by-phishing-attack-on-spokane-regional-health-district

Click to comment

You May Also Like

Cyber Security

The cyberattack that ultimately led to the breach of several U.S. officials’ email accounts was the result of a China-based threat actor accessing a...

Cyber Security

North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure and healthcare institutions in Europe...

Cyber Security

The well-known watch manufacturing company Seiko disclosed the data breach notification recently on Aug 2023, targeted by the notorious threat group BlackCat/ALPHV. BlackCat/ALPHV Group has been...

Cyber Security

Privileged users typically hold crucial positions within organizations. They usually have elevated access, authority, and permission levels in the organization’s IT systems, networks, applications,...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO

Exit mobile version