- The attack occurred between August 14, 2018, and November 23, 2018.
- The attack came into the light after the CCPSA official noticed unauthorized access to an employee email account on November 23, 2018.
A phishing attack at Colorado-based Critical Care, Pulmonary & Sleep Associates (CCPSA) has resulted in the compromise of personal data of almost 23,000 patients. The attack occurred between August 14, 2018, and November 23, 2018.
The attack came into the light after the CCPSA official noticed unauthorized access to an employee email account on November 23, 2018, HealthITSecurity reported. After gaining access to the account, the hackers were able to send phishing emails to the employee’s contact list and financial payments.
The officials could not determine the exact activity of the hackers. They are unsure whether the attackers viewed or copied the data from the compromised accounts. Only the email system of CCPSA has been impacted in the attack.
Type of information compromised
The compromised data includes a variety of information of patients. This includes their names, clinical data like dates of service, diagnoses, and medical conditions, labs and diagnostic studies, medications, treatment details, addresses, dates of birth, and other treatment information.
For some patients, certain insurance information like member and group numbers, Social Security numbers, driver’s licenses, and costs of services were compromised. However, no credit card details were breached in the attack.
Upon discovery, the firm was quick at taking action. It immediately secured the access to the affected account. In addition, it ensured the integrity of the entire email system.
The firm has notified the affected patients and the law enforcement agencies about the breach. The firm has also changed the passwords of all its networks.