In September, Adventist Health’s information security department discovered that an employee’s email account had been comprised in a phishing attack. The hacker had attempted to redirect invoice payments to defraud the hospital and vendors.
Patient data that may have been exposed included names, dates of birth, medical record numbers, hospital account numbers, insurance information and other information related to patient care.
Adventist Health said there is no evidence that patient information has been misused. Additionally, the hospital said that the phishing attack did not affect any other systems. Since the incident, the employee has changed his or her login credentials. Adventist Health also continues to train employees to spot and avoid phishing emails.
More articles on cybersecurity:
Health systems should update computer systems in wake of Iran tensions, H-ISAC says
3 cybersecurity predictions for 2020
Former NYC hospital employee pleads guilty to hacking coworkers’ emails
