Dive Brief:
- Hackers broke into the email accounts of four staffers at City of Hope National Medical Center in Duarte, CA, Albuquerque Business First reported.
- The mid-January phishing attack exposed some patients’ personal health information.
- City of Hope notified the affected patients and reported the incidence to state and federal authorities.
Dive Insight:
To help it investigate the attack and secure the email accounts, City of Hope retained a forensic IT firm. Results of the investigation suggested the attackers wanted to forward spam emails to the hacked accounts’ contacts, and was not targeting protected health information.
Still, three of the four accounts that were hacked contained patient, including names, medical record numbers, birthdates, addresses, email addresses, and telephone numbers.
The accounts also included some clinical information, such as diagnoses, test results of dates of service, but the medical center said most of the patients only had their names and medical record numbers exposed. One patient’s social security and financial information may have been viewed, the medical center said.
As part of the investigation, the forensics firm reviewed City of Hope’s IT systems and processes to protect against future hacks.
The incident differs from last month’s malware attack that locked Presbyterian Medical Center out of its IT systems, causing staff to lose email and access to patient data. The L.A. hospital eventually paid the attackers a 40 bitcoin ransom — about $17,000 — to regain control of its systems.