Although the phishing attack posed little risk to patients, the incident could open the door to more complex attacks

Aug 26, 2021 05:11 GMT

A mistake by a health care worker resulted in the leaking of medical information of about 12,000 patients. The phishing attack took place on June 21 and lasted only 45 minutes, according to The Spectrum.

While the breach exposed medical record numbers, birth dates, procedures, insurance provider names, and provider names, the two-month investigation determined that the breach posed a negligible risk to the patients affected. Moreover, Revere Health believes that the hacker is not attempting to publish the patient medical information, but rather is using the incident as a platform to conduct more sophisticated phishing email attacks against other employees.

Bob Freeze, the director of marketing and communications, stated that the stolen data affected patients of the Heart of Dixie Cardiology Department in St. George. The company has already contacted the patients to inform them of the situation and advised them to check if any of their medical information has been shared.

Employees who are duped into phishing scams will receive IT Security training

Revere Health assures its patients that it has improved IT security measures since the incident. Freeze says the company plans to send test phishing emails to employees in the near future, and if an employee is tricked into clicking on a test phishing email, he will be invited to attend IT training. He adds that Revere Health urges its employees to review all aspects of an email before accessing it.

According to the Federal Trade Commission (FTC), a phishing email address typically appears as a legitimate name, but when clicked, a more sophisticated email address appears. There are several steps that can help recognize and avoid phishing attempts, including employing multi-factor authentication, routinely backing up data, keeping device software up to date and installing security apps. The agency recommends that victims go to IdentityTheft.gov and follow the steps specific to the type of stolen or lost data.