A phishing scam targeting Health Quest employees may have resulted in the leak of patient information, according to a notice from the health care provider. Health Quest is a Hudson Valley, NY-based entity of integrated hospitals and health care providers.
John Nelson, director of public and community affairs with Health Quest, could not provide an exact number of impacted individuals, as the investigation is ongoing. "We want to make sure that everyone is aware of the situation and make sure that everyone is protected," he said. The priority, he said, was to provide security to those affected, as reported by the Poughkeepsie Journal.
The incident occurred in July 2018, during which multiple employees were tricked into sharing their email account usernames and passwords. Shortly after the incident, Health Quest hired a cybersecurity firm to aid with an investigation.
Health Quest began alerting potentially impacted individuals Friday, and those affected should expect to receive a letter by June 10. Nelson attributed the delay between the time of the incident and when the company began alerting customers to the length of the cybersecurity firm's investigation.
The impacted email accounts were secured after learning of the attack, Health Quest said.
On Jan. 25, the investigation found email attachments containing health information, and on April 2, Health Quest confirmed these attachments included patient information, including patient names, provider names, dates of treatment, treatment and diagnosis information and health insurance claims information.
All information related to services performed at Health Quest Affiliated from January 2018 to June 2018, the company said.
In response to the incident, Health Quest is enacting stricter security measures, including multi-factor authentication multi-factor authentication, and providing cybersecurity training for employees, the company said.
Is your staff trained in detecting suspicious emails? Annual training from HIPAAcraticRx can give your staff the edge it needs to keep your health data secure. Call the compliance experts HIPAAcraticRx today.