Aultman Health Foundation Phishing Attack Affects up to 42,600 Patients

May 30, 2018


Aultman Health Institution, which controls Aultman Hospital in Canton, OH, is notifying roughly 42,600 patients that a few of their PHI might have been accessed because of a phishing attack.

Illegal and unfamiliar people succeeded in getting access to a number of electronic mail accounts handled by staff members of Aultman Hospital, its AultWorks Occupational Medicine section, and certain Aultman physician bases.

The unlawful access was first known on March 28, 2018 resulting in a complete examination to conclude the range of the breach and whether any secret information may have been retrieved. Third-party information security specialists were appointed to help with the inquiry and found that access to the email accounts took place on numerous occasions beginning in mid-February and went on until the breach was discovered and remediated in late March.

The breach was confined to email accounts. The system that states electronic medical data was not obtained. Electronic mail accounts utilized by Aultman hospital and certain doctor practices included names, addresses, medical history numbers, clinical information, and doctors’ names.

People examined by AultWorks Occupational Medicine had a bigger range of info uncovered including name, address, date of birth, medical history, reports on physical examinations, the results of drug, hearing, and breathing tests, and other lab test results. A few AultWorks Occupational Medicine patients also had their driver’s license number and/or Social Security number obtained. Social Security numbers were just disclosed in orders where businesses use Social Security numbers to recognize employees/potential staff members.

When the phishing attack was detected Aultman Health Foundation implemented a password reset to discontinue any further unlawful retrieving of email accounts and made certain only safe, difficult passwords might be set. Safety monitoring has been boosted to identify any future breaches more swiftly and other security controls have been applied to electronic mail accounts to oppose possible attacks. Staff members have also been provided more training to develop resistance to phishing attempts.

Aultman Health Foundation summarized in a security breach Frequently Asked Questions that it was impossible to decide whether emails and electronic mail attachments including PHI were opened and read by the individual(s) at the back of the attack; nonetheless, no reports have been presented to date to indicate any information in the accounts has been wrongly used.

All patients impacted by the occurrence have been cautioned to check their credit reports and Explanation of Benefits statements in detail for any proof of sham use of their information and people whose Social Security number or driver’s license number were obtained have been offered free credit checking facilities.