Saint Agnes Health Care, Inc. in Maryland disclosed that a cyberattack exposed 25,000 HIPAA records. The healthcare company Saint Agnes Health Care, Inc. of Maryland has reported that hackers gained access to an email account through a phishing campaign. Although only one email account was compromised, the user had privileges to access Protected Health Information (PHI), and the account contained records of approximately 25,000 patients of the facility.
UnityPoint Health Phishing Attack. In 2017, UnityPoint Health suffered a phishing attack in which attackers gained access to email accounts containing the protected health information of patients. A year later, between March and April 2018, the healthcare organization was targeted again, and this time the data of over 1.4 million patients was compromised. The second attack was conducted to divert payroll and vendor payments.
UCSD Medical Center. In 2021, UC San Diego Medical Center fell prey to a phishing scheme that resulted in numerous employee email accounts being compromised. This breach granted the attackers entry to confidential data belonging to patients, students, and staff. Shockingly, the breach remained unnoticed for an extended period, affecting the privacy of 495,949 individuals. The initial breach occurred in December 2020, with detection finally transpiring on March 12, 2021. However, it wasn't until April 8, 2021, that the intruders were successfully expelled from the system.
Henry Ford Health Phishing Attack. Henry Ford Health notified 168,000 patients that an unauthorized individual gained access to employee email accounts holding protected health information (PHI) after employees responded to phishing emails. The email accounts held patient information, including names, dates of birth, age, gender, telephone number, medical record number, lab results, procedure type, diagnosis, and date(s) of service.