Skip to content Skip to navigation

Phishing Attack in Texas Exposes PHI of 39K Patients

May 1, 2015
by Rajiv Leventhal
| Reprints

The Austin, Tx.-based Seton Family of Hospitals, part of Ascension health system, has acknowledged a phishing attack on its organization, resulting in the potential exposure of some personal health information for approximately 39,000 patients.

Seton said that it experienced an email phishing attack on December 4, 2014, which targeted the user names and passwords of Seton employees. After launching an investigation, which included computer forensics experts for assistance, it was determined in February of 2015 that the employee e-mail accounts subject to the phishing attempt contained some personal health information for approximately 39,000 patients.

The personal health information in the email accounts included demographic information (i.e., name, address, gender, date of birth, etc.), medical record numbers, insurance information, limited clinical information and, in some cases, Social Security numbers. The hackers did not gain access to individual medical records or billing records, Seton officials said.

Seton said that it is taking steps to mitigate this incident by notifying affected individuals via letter, posting a substitute notice and providing notice to prominent media outlets in the area. Identity monitoring and protection services are being offered free of charge for those whose Social Security numbers have been affected by the incident. Additionally, Seton is working with its e-mail service provider to evaluate ways to enhance its security program.

The healthcare industry is certainly no stranger to phishing attacks. In a recent blog post for Healthcare Informatics, Mac McMillan, CEO of the Austin, Tx.-based CynergisTek and current chair of the HIMSS Privacy & Security Policy Task Force, said, “many of the more serious hacks or malware attacks were preceded by a phishing effort first. We saw random phishing attacks, directed spear phishing and combinations. These attacks are often successful because they prey on peoples emotions, desires, in some cases fantasies, but more often than not, it’s the expectation that recipients are tired, busy or in a hurry and not paying attention.” 



CMS Hospital Compare Website Updated with VA Data

The Centers for Medicare & Medicaid Services (CMS) has announced the inclusion of Veterans Administration (VA) hospital performance data as part of the federal agency’s Hospital Compare website.

CMS Awards Funding to Special Innovation Projects

The Centers for Medicare & Medicaid Services (CMS) has awarded 20, two-year Special Innovation Projects (SIPs) aimed at local efforts to deliver better care at lower cost.

Center of Excellence in Genomic Science to be Established in Chicago

The National Human Genome Research Institute has awarded $10.6 million over five years for the establishment of a new research center in Chicago to advance genomic science.

EHNAC and HITRUST Combine HIPAA Security Criteria, CSF Framework

The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) announced plans to streamline their accreditation and certification programs.

Halamka on MACRA Final Rule: “CMS is Listening and I Thank Them”

Health IT notable expert John Halamka, M.D., CIO of Beth Israel Deaconess Medical Center in Boston, recently weighed in on the Medicare Access and CHIP Reauthorization Act (MACRA) final rule.

Texas Patient Care Clinic Hit with Ransomware Attack

Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.