Privacy & Security

Patient data exposed for months after phishing attack on Sunspire

Employees fell victim to a targeted phishing campaign, which may have exposed sensitive data for some patients, including Social Security numbers and health insurance information.
By Jessica Davis
July 18, 2018
12:22 PM

Several employees of Sunspire Health, a nationwide network of addiction treatment facilities, fell victim to a phishing email campaign, which may have exposed personal patient information for about two months.

Hackers were able to access some employee email accounts between Mar. 1 and May 4, but officials did not become aware of the cyberattack until sometime between April 10 and May 17. Officials did not give an explanation as to why the discovery took more than a month.

Sunspire did not respond to a request for comment.

The impacted email accounts contained names, dates of birth, Social Security numbers, medical data like diagnoses and treatments, and health insurance information.

Officials are continuing to investigate the scope of the incident and have added technical and administrative security protections, along with further employee training to prevent another breach. All patients are being notified and offered a year of free credit monitoring.

While officials have notified the U.S. Department of Health and Human Services, the number of patients impacted by the breach haven’t been posted to the breach reporting tool.

[Also: The biggest healthcare data breaches of 2018 (so far)]

Sunspire is the second provider this week to report a months-long breach after a phishing attack. Two employee email accounts of Tennessee-based Alive Hospice fell victim to phishing and were breached for one to four months, potentially giving hackers access to troves of data.

Hackers continue to pummel the healthcare sector with phishing attacks. Manitowoc CountyCareFirstOnco360Aultman Health Foundation and several others have fallen victim this year. They should serve as a reminder to implement continuous monitoring to better detect abnormal behavior on a network and to ensure employees are trained to detect suspicious emails

Hackers, data breaches and other pressing security matters will be among the topics experts discuss at the upcoming HIMSS Healthcare Security Forum in Boston, Oct. 15-16. Register here

Twitter: @JF_Davis_
Email the writer: jessica.davis@himssmedia.com

Topics: 
Network Infrastructure, Privacy & Security, Workflow

More regional news

Walmart store

Walmart announces closing of clinics and virtual care

By
Susan Morse
May 01, 2024
Hacker with glasses and hat looking at two screens with data and code

Ransomware was used in 72% of network intrusions last year, says BakerHostetler

By
Andrea Fox
May 01, 2024
Amanda Bury, chief commercial officer at Infermedica

Telemedicine, enabled with responsible AI, can improve the patient experience

By
Bill Siwicki
May 01, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Doctors review practice finances
LLMs are not ready to automate clinical coding, says Mount Sinai study

Most Read

WebMD acquires Healthwise to bolster patient engagement and growth
Zocdoc launches advanced partner program
Suki partners with Amwell on telehealth AI
How the Change Healthcare cyberattack is straining providers, and what the government can do
Memorial Healthcare finds success with switch to Epic-based telehealth vendor
HHS response to cash flow concerns from Change cyberattack inadequate, providers say

Research

White Papers

More Whitepapers

Compliance & Legal
Artificial Intelligence
Analytics

Webinars

More Webinars

Privacy & Security
Artificial Intelligence
Analytics

Video

Dr. Guido Giunti at Trinity College Dublin_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Novel digital therapeutics for MS empower patients
Kendall Brown at CenTrak_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
How HIMSS membership can grow healthcare careers
Ellen Arigorat at NewYork-Presbyterian Hospital Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
HIMSS Changemaker champions Filipino-American health literacy
Sponsored by Minsait
Gustavo Adolfo Torres Becerra at Minsait__Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Healthcare organizations need interoperability to give residents preventative care

More Stories

Health professional at desktop computer
How AI-powered systems can help physician groups improve coding – and earn more
Nurse huddle with tablet
Nurses have a deep distrust of AI – but transparency and training could help
Dr. Jonah Feldman at NYU Langone Health System_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Want to reduce readmissions? Personalize digital discharge guides
Gabriel Garcia-Lopez at the Los Angeles LGBT Center Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
From HIMSS conference attendee to 2024 HIMSS Changemaker
Kaiser building
Kaiser reports 13.4 million people affected by data breach
Stethoscope on tablet
HIMSSCast: The need for home care continues
Change Healthcare booth and sign
MGMA asks OCR: Hold UHG responsible for HIPAA breach notifications
A person in a suit holds graphic healthcare solutions in one hand, and a graphic of people in the other.
Vendor Notebook: Salesforce extends AI to public health services, DrFirst acquires Myndshft