Columbia, S.C.-based Palmetto Health, now known as Prisma Health, was targeted in a phishing attack that may have compromised the information of 23,000 patients, according to the HIPAA Journal.
Emails were sent to hospital employees containing a malicious link. If employees clicked on the malicious link, they were directed to a website that asked them to enter their email credentials. The hacker then gained access to their email accounts.
An investigation found the hacker's emails were sent in November. A review of the incident was completed Feb. 19, revealing the protected health information of 23,811 patients had been exposed, the HIPAA Journal reports.
Patients' names and treatment or consultation information was affected. A limited number of emails contained health insurance information, social Security numbers and financial information.
Don't let this happen to your practice. Annual employee compliance training can prevent such vulnerabilities. For more information, contact the HIPAA compliance experts at HIPAAcraticRx.