Sunspire Health and UPMC Cole Phishing Attacks Compromised Patients’ PHI


Two healthcare providers have reported phishing attacks that gave cybercriminals access to patients’ protected health information (PHI). In both incidents, the attackers gained access to a couple of email accounts.

Sunspire Health manages a national network of addiction treatment facilities. In the latest incident, several email accounts were accessed by unauthorized persons as a result of a phishing campaign targeting its employees. Sunspire Health determined that the attack occurred between April 10, 2018 and May 17, 2018.

Sunspire Health hired a team of forensic investigators to determine the nature and magnitude of the data breach. According to the investigation, the first email account was accessed on March 1, 2018. The hacker accessed the other email accounts up to May 4.

Sunspire Health has not received any reports of PHI misuse to date. The investigators likewise have not found any evidence that the email accounts were misused. Nevertheless, it is probable that the hackers viewed the PHI in the compromised email accounts and might have downloaded it. The email accounts stored patient data such as names, dates of birth, diagnoses, treatment information, healthcare insurance information and Social Security numbers.

Patients whose PHI was compromised in the phishing attacks were sent breach notification letters. On July 16, Sunspire Health also published a substitute breach notice on its web page. The patients were additionally offered credit monitoring and identity theft protection services free of charge. Sunspire Health has already submitted the breach report to the Department of Health and Human Services’ Office for Civil Rights, but the breach has not yet been posted on its breach portal. The number of affected patients is not yet known.

UPMC Cole was also the victim of a phishing attack that gave the hackers access to two email accounts. UPMC Cole, which is based in Coudersport, Pennsylvania, discovered that two employees had been deceived into revealing their login credentials after receiving phishing emails. The email accounts were compromised on June 7 and June 14, 2018. Other UPMC Cole employees received emails sent from the two email accounts.

UPMC Cole took prompt action to keep the hacker from using the email accounts. The breach was investigated to determine whether the hacker accessed any patient health information. Data access was not confirmed; however, it could not be completely ruled out.

The patient information contained in the email accounts was minimal, and no financial information or Social Security numbers were included. The compromised information included the patients’ names, birth dates, health operations performed, general treatment information, the names of specific healthcare providers, and scheduling information. The breach impacted 790 patients, whom UPMC Cole notified through mailed notification letters.