A phishing scam targeting Health Quest employees potentially resulted in the leak of patient information, according to a notice from the health care provider.
John Nelson, director of public and community affairs with Health Quest, could not provide an exact number of impacted individuals, as the investigation is ongoing. The priority, he said, was to provide security to those affected.
“We want to make sure that everyone is aware of the situation and make sure that everyone is protected,” he said.
The incident occurred in July 2018, during which multiple employees were tricked into sharing their email account usernames and passwords. Shortly after the scam took place, Health Quest hired a cybersecurity firm to aid with an investigation.
The impacted email accounts were secured after learning of the attack.
On Jan. 25, the investigation found email attachments containing health information, and on April 2, Health Quest confirmed these attachments included patient information, including patient names, provider names, dates of treatment, treatment and diagnosis information and health insurance claims information.
All information related to services performed at Health Quest Affiliated from January 2018 to June 2018.
The investigation has found no evidence that this information was accessed or viewed.
Health Quest began alerting potentially impacting individuals Friday, and those affected should expect to receive a letter by June 10.
Those concerned they may be impacted can contact a call center dedicated to the breach at 1-800-277-0105. The center is open 9 a.m. to 6:30 p.m. Monday through Friday.
Nelson attributed the delay between when the extent of the scam was discovered and when Health Quest started alerting individuals to the cybersecurity firm’s investigation.
In response to the incident, Health Quest is enacting stricter security measures, including multi-factor authentication multi-factor authentication, and providing cybersecurity training for employees.
Code Execution Vulnerability Identified in Change Healthcare Cardiology DevicesA vulnerability has been identified in Change Healthcare Cardiology, McKesson Cardiology, and Horizon Cardiology devices. The vulnerability could be exploited by a locally authenticated...
29% of Small Businesses Spend Less Than $1,000 on IT Security Annually and Why They Are The Most Targeted
29% of Small Businesses Spend Less Than $1,000 on IT Security Annually and Why They Are The Most TargetedThe digital and network footprint of small businesses is continually growing. Online commerce, social media, remote workers, and cloud-based IT infrastructure are...
What Other Companies Can Learn from Facebook’s $5 Billion Fine and Why Privacy MattersWhile Facebook’s $5 billion settlement stands as the largest fine in the history of the Federal Trade Commission (FTC), one must take into consideration that not every company is...
Stay Up to Date With The Latest News & Updates
Join Our Newsletter
Get weekly tech updates and immediate alerts when there is a zero-day or security issue!