880 Patients Possibly Impacted by Baptist Health Louisville Phishing Attack

Baptist Health in Louisville, Kentucky has alerted 880 patients that some of their PHI have possibly been accessed and stolen by hackers.

The security breach was found on October 3, 2017, when irregular activity was noticed on the email account of an employee. Baptist Health determined that a third party transmitted a phishing electronic mail to the worker, who replied and revealed login credentials letting the electronic mail account to be retrieved.

Those login identifications were then utilized by an unknown person to gain access to the electronic mail account. The electronic mail account had the PHI of 880 patients, although it is not clear whether any of the emails were seen. The motive behind the attack may not have been to gain access to sensitive information.

What is known, is access was utilized to send more phishing emails to other electronic mail accounts. Following the detection of the breach, Baptist Health reacted quickly to restrict the potential for damage and disabled the affected electronic mail accounts performed a password reset to avoid further illegal access.

Due to the actions taken by the cyberpunk once access to the account was gained, Baptist Health doesn’t believe any information contained in the electronic mails has been used wrongly.

A review of all electronic mails in the account showed the kinds of information potentially undermined contained names, clinical information, medical record numbers, dates of birth, and treatment information. Some Social Security numbers were also exposed.

Since the probability of PHI access and misuse can’t be ruled out with a high degree of confidence, all 880 patients impacted by the breach have been notified and patients whose Social Security numbers were revealed have been offered free credit monitoring and identity thievery protection services for one year free of charge.

The workforce has also received additional training in relation to phishing electronic mails, and the login process for distant access has been strengthened to avoid similar breaches from happening in the future.