loader gif

Oregon State Hospital suffered spear-phishing attack compromising patients' PHI

Oregon State Hospital suffered spear-phishing attack compromising patients' PHI
  • The compromised email account contained patients’ Protected Health Information (PHI) including names, dates of birth, dates of birth, medical record numbers, diagnoses, treatment care plans and other medical information at the psychiatric hospital.
  • There’s no evidence that any Protected Health Information (PHI) was copied from the email account or misused.

What happened?

On May 6, 2019, attackers targeted Oregon State Hospital with a spear-phishing attack and gained access to an employee's email account.

What was the immediate action taken?

  • The hospital quickly responded and stopped the unauthorized access to the email account.
  • Oregon Health Authority notified state attorneys general and provided a press release on the incident.
  • Furthermore, OSH has hired security experts to assist them in determining the nature and impact of the incident.

What data was involved?

The compromised email account contained patients’ Protected Health Information (PHI) including names, dates of birth, dates of birth, medical record numbers, diagnoses, treatment care plans and other medical information at the psychiatric hospital.

The hospital is conducting an ongoing investigation on the incident, However, there’s no evidence that any PHI was copied from the email account or misused. OHA is now notifying all the potentially affected patients about the incident.

“While there is no indication that any protected health information was copied from its email system or used inappropriately, Oregon State Hospital is notifying all patients that their information was potentially compromised. Once the review is complete, OHA will send individual notices to patients whose information was confirmed to be in the compromised emails,” OHA said in a press release.

loader gif