3 phishing hacks breach 20,000 Catawba Valley patient records

While investigating one phishing attack in August, medical center officials discovered a hacker had access to three accounts for more than a month.
By Jessica Davis
02:14 PM

North Carolina-based Catawba Valley Medical Center is notifying 20,000 patients that their personal data was breached after three successful phishing attacks.


Officials discovered unauthorized access to an employee email account on Aug. 13, immediately secured the account and launched an investigation with help from a third-party forensic firm. The investigation determined that not one but two accounts had been hacked for more than a month, between July 4 and August 17.

The investigation found those email accounts included patient names, dates of birth, medical data and health insurance information, according to officials. Social Security numbers were included for some patients.

Catawba Valley began notifying patients on Oct. 12 and created a dedicated call center to handle patient questions about the breach. Officials are recommending patients review any statements they receive from their insurance carrier to make sure they’re not billed for any services they didn’t receive.

The medical center has since hired security experts to improve employee education while bolstering email controls and upgrading its software and hardware controls, officials said.


Catawba Valley joins the unfortunate trend of breaches caused by undetected phishing attacks. Two breaches in October went on for weeks to months. Gold Coast Health Plan notified 37,000 patients that their data was hacked for more than a month after a phishing attack.

Meanwhile, the Minnesota Department of Human Services was blasted by state officials after phishing attacks on two separate employee email accounts went undetected for more than a month, breaching 21,000 patient records.

And over the summer, four other organizations reported similar breaches: UnityPoint, Sunspire, Manitowoc County and Legacy Health.

While organizations may be flooded with an abundance of data or perhaps lack sufficient staff for detecting abnormalities, network monitoring and access management are no longer optional given the steady onslaught of malicious attacks. Some of these tasks can be automated, which can improve detection.

Twitter: @JF_Davis_
Email the writer: jessica.davis@himssmedia.com
