Multiple Phishing Attacks Reported, Targeting Three Bodies

The Minnesota-based senior care treatment LifeSprk is making contact 9,000 of its clients that some of their protected health information was possibly breach due to a November 2019 phishing attack.

On January 17, 2020, Lifesprk found out that an unauthorized person had logged into the email account of one of its employees. The account was immediately disabled and a third-party cybersecurity firm was engaged to investigate the violation. The cybersecurity firm determined that a small number of employee email accounts were compromised from November 5 up until November 7, 2019.

For the majority of the impact members of staff, information in the compromised accounts was kept to names, medical record numbers, health insurance information, and some health detail. Some patients also had financial information and/or their Social Security number breached.

The investigation into the breach is still current. So far, no proof has been found to suggest theft or misuse of protected health information has taken place.

Meanwhile, the University of Utah Health announced on Friday that unauthorized people logged into the email accounts of a small number of employees between January 7, and February 21, 2020 and potentially accessed patients’ protected health details.

University of Utah Health found out on February 3, 2020 that malware had been installed on an employee’s workstation which potentially gave unauthorized persons access to patients’ protected health information.

The information kept in the email accounts and on the affected computer was kept to names, birth dates, medical record numbers, and some clinical information connected to the care provided by University of Utah Health.

Affected patients are now being notified, security policies are being reconsidered and refreshed and education will be reinforced with members of the workforce.

At the Oregon Department of Human Services it has been noticed that an unauthorized individual logged into the email account of one of its employees as a result of answering a spear phishing email.

Currently it is not clear if any protected health information has been accessed, copied, or misused; however, out of an abundance of caution, identity theft protection services will be made available to all affected people.