Another healthcare employee opened an email that turned out to be a phishing scam, compromising the protected health information and Social Security numbers of 39,000 patients.
The Texas-based Seton Healthcare Family, part of Ascension health system, has notified affected patients after a December 2014 phishing attack compromised an email account. Following an investigation, officials determined at the end of February that the email accounts impacted by the phishing scam contained PHI for 39,000 patients.
Data compromised included patient demographics, medical record numbers, Social Security numbers, clinical data and insurance information.
"Seton sincerely apologizes for any inconvenience this unfortunate incident may cause," officials wrote in a notice. In the wake of the breach, Seton officials say they are working with their email service provider to look at ways it can improve its current security program.
This is not Seton Healthcare's first breach. In 2013, the health system reported that an unencrypted laptop containing PHI was stolen, according to data from the Office for Civil Rights.
PHIPrivacy.net also highlighted three additional data breaches that transpired at Seton since 2007, involving two other stolen laptop incidents compromising some 10,300 patients' data. The third breach involved an error by one of the health system's business associates, HealthLOGIX, and resulted in more than 500 patients being mailed the wrong member cards.
There's been a trend in recent months of phishing attacks in the healthcare sector. Even earlier this year, the federal government notified consumers of the health insurance marketplaces that they've been the target of recent phishing scams. And, in the wake of the Anthem breach, there's been a surge in reported phishing scams involving members affected by the breach that compromised some 80 million records.