Cancer Treatment Centers of America (CTCA) at Southeastern Regional Medical Center suffered a data breach compromising patients’ Protected Health Information (PHI).
A third party gained unauthorized access to an employee’s email account between March 10 and March 11, 2019. The employee had provided network login credentials in response to a phishing email, which led to the unauthorized access.
What was compromised?
The compromised email account contained patients’ personal information such as names, phone numbers, addresses, medical record numbers, health insurance information, government IDs, and medical information.
However, Social Security numbers and financial information were not involved in the breach.
What was the immediate action taken?
“We take our responsibility to safeguard your personal information seriously and remain committed to protecting patient privacy and security. We are evaluating potential security enhancements and continuing to educate our workforce about how to identify suspicious emails to help ensure this does not happen in the future,” the security notice read.