Presbyterian Healthcare Services Suffers Data Breach Impacting 183000 Patients

• Presbyterian Healthcare Services suffered a data breach after a few of its employees fell victim to a phishing scam compromising their email accounts.
• The compromised email accounts contained patient and/or health plan member names, dates of birth, Social Security numbers, and clinical and information.

Presbyterian Healthcare Services suffered a data breach impacting nearly 183000 patients and health plan members after a few of its employees fell victim to a phishing scam.

What happened?

On June 6, 2019, Presbyterian discovered that an unauthorized third-party gained access to some of Presbyterian’s employee email accounts sometime around May 9, 2019. After this, Presbyterian secured the compromised email accounts and began a thorough review of the impacted emails. The healthcare center also notified the appropriate federal law enforcement about the incident.

“With any such event, it takes time to investigate what happened, identify the affected individuals and arrange for the assistance services that are being offered. Once we became aware of this incident, Presbyterian secured these email accounts and alerted federal law enforcement,” stated Melanie Mozes, Presbyterian Communications Director.

What information was involved?

• The compromised email accounts contained patient and/or health plan member names, dates of birth, Social Security numbers, and clinical and information.
• However, Dale Maxwell, the President and CEO of Presbyterian, said in a statement that there is no evidence that electronic health record or billing information has been accessed.

What actions were taken?

• Presbyterian has taken several necessary steps and has implemented additional security measures in order to protect its email system and to avoid such incidents from happening in the future.
• Furthermore, the healthcare organization is providing training to its employees on how to protect information stored electronically and how to avoid phishing scams.

“At Presbyterian, we take the responsibility of protecting the privacy of our patients and members very seriously. We deeply regret that this event occurred and are committed to taking steps to help prevent this type of incident from happening again,” Maxwell said, Albuquerque Journal reported.

What was the response?

Jodi McGinnis Porter, director of communications for the New Mexico Human Services Department confirmed that some of the impacted residents were Medicaid recipients.

“We are very sorry that unauthorized access to some of the workforce members’ emails occurred. We are not aware of any improper use, or attempted use of your information, but we believe it is important to notify you of this incident,” Presbyterian said in a security notice.