Some patient information was unlawfully accessed as a result of a “phishing” attack that targeted the email accounts of several City of Hope staffers, the Duarte cancer research and treatment facility reported Friday.

City of Hope. Photo via scic.coh.org/
The data breach, which took place the week of Jan. 18, “resulted in unauthorized access to four staff members email accounts, officials said.

After securing the email accounts and notifying law enforcement and other appropriate agencies, City of Hope, with the assistance of a forensic information technology firm, launched an investigation that revealed three of the affected accounts contained protected patient information such as names, medical record numbers, dates of birth, postal and email addresses, phone numbers and some clinical information such as diagnoses and dates of service, the facility reported.

“For the majority of patients, the information contained within the three breached email accounts contained only patient name and medical record number,” according to a City of Hope statement.

“With the exception of information relating to one patient, the information in the email accounts did not contain any Social Security numbers or financial information,” the statement continued. “It does not appear that the phishing attack targeted protected health information; instead, it appears the accounts were accessed for the purposes of sending spam emails to other individuals.

“City of Hope is sending notification letters to the affected patients, and is taking all appropriate steps to mitigate any potential harm to affected individuals,” according to the statement.

Phishing involves using emails to trick recipients into disclosing personal information, such as computer account user names, passwords, credit card numbers and other data.

Anyone with questions about the breach may call a toll-free hotline set up by City of Hope. That number is (866) 775-4209.

— City News Service

Leave a comment

Your email address will not be published.