Phishing Attack on Colorado Mental Health Institute Brings PHI Disclosed

The Colorado Mental Health Institute at Pueblo has found that one of its workers has been a victim of a phishing cheat that possibly let the assailant access the PHI of as many as 650 sick persons.

The Colorado Mental Health Institute at Pueblo is a 449-bed hospice offering inpatient treatment for patients. The hospice attends patients with undecided criminal allegations that need capability assessments, people found by the benches to be unable to proceed, and people found not responsible for criminalities because of stupidity.

The phishing attack happened on November 1, 2017. The worker mistakably revealed login identifications that let the assailant gain entrance to a state-issued computer system. Illegal activity on the computer was noticed the next day and access to the computer was quickly obstructed.

The forensic inquiry didn’t disclose any proof to indicate the PHI of patients had been retrieved or thieved, even though the probability of illegal access and data thievery might not be precluded with complete confidence.

All patients affected by the case have been alerted to the safety breach, as is needed by HIPAA. They have been notified that possibly undermined information “might contain, but is not restricted to name, Social Security number, date of birth, address, insurance information, phone number, admission as well as discharge dates.”

The phishing attack has encouraged the Colorado Mental Health Institute to apply fresh technical precautions to avoid future phishing attacks. Secrecy plans and processes have additionally been revised as well as updated and workforce has received additional coaching on the dangers from racketing. The Colorado Mental Health Institute stated the person who has been a victim of the phishing cheat has been treated “as per CDHS rule as well as relevant law.”