1,800 Patients’ PHI Undermined in Metrocare Services Phishing Attack

Nov 16, 2018


Metrocare Services, the biggest supplier of mental health facilities in North Texas, has experienced a phishing attack that has led to the disclosure of 1,804 patients’ protected health information.

Numerous worker electronic mail accounts were undermined in the attack, with the first account breach happening on August 2, 2018. Metrocare didn’t notice the phishing attacks until September 4.

As soon as the breach was noticed, measures were taken to safeguard the accounts. Metrocare has also provided its workers with additional training on information safety, additional methods are being launched to improve the safety of its information technology infrastructure, and electronic mail safety has been reinforced.

The inquiry into the breach could not decide whether any electronic mails having patients’ protected health information were accessed by the attackers, however, data access could not be excluded. No reports have been received that indicate any PHI has been abused.

The kinds of information that were exposed varied from patient to patient and contained data such as names, health insurance information, driver’s license numbers, dates of birth, information linking to facilities received from Metrocare, and in some cases, Social Security numbers.

Metrocare began informing affected patients by post on November 1. Patients whose Social Security numbers were possibly undermined have been offered 12 months of free credit checking and identity protection facilities. All patients impacted by the breach have been suggested to verify their Explanation of Benefits statements for healthcare facilities that have not been received or approved.

Summit Medical Group Notifies Patients of Potential PHI Disclosure

Summit Medical Group is notifying certain patients that some of their protected health information has possibly been undermined.

The information was noted in a notebook that was preserved by a medical assistant in its Berkeley Heights dermatology office. On September 5, 2018, Summit Medical Group’s administration and secrecy office were notified that the notebook was misplaced.

The New Jersey physician-owned multispecialty medical practice carried out a search for the misplaced notebook but it could not be found. Workers were questioned and footage from safety cameras was checked. As per Summit Medical Group, the notepad was only ever used in the dermatology office and no proof of theft was found.

The notepad had written records on patients seen by the medical assistant since January 12, 2018. The kinds of information noted in the notebook differed for each patient and included names, health insurance numbers, telephone numbers, dates of birth, addresses, Medicare IDs, and treatment information.

Since the notebook might have been stolen, patients have been suggested to check their account and explanation of benefits statements and remain cautious for occurrences of identity theft and scam.

The breach report submitted to the HHS’ Office for Civil Rights shows 525 patients’ PHI was recorded in the notebook.