Email accounts of Oaklawn patients were compromised by an unauthorized third-party during a data security incident that took place between April 14 and April 15.
The data breach was the result of a phishing incident, a type of cyber attack that uses deceptive emails to gain access to sensitive information.
Up to 26,861 patients within the Oaklawn system were potentially affected by the security breach. The email accounts included personal and protected health information including patient names, dates of birth, medical and health insurance information.
Some accounts also included Social Security numbers, financial account information, driver’s license numbers and online login information.
“Only a fraction of that total potential amount had a Social Security number that might have been compromised,” Oaklawn Vice President for Public Affairs Sara Wurfel said.
The hospital has contacted patients who were affected by the incident. Those notified should monitor their insurance statements for transactions related to care or services from Oaklawn that they haven’t received. The hospital is also offering complimentary credit monitoring for anyone whose Social Security numbers were compromised.
Wurfel said the hospital has conducted an investigation and a document review, and there is no evidence to suggest the data has been misused or is in the possession of someone it should not be. Still, patients are asked to monitor their finance and credit information.
“Oaklawn wanted to be as transparent as possible,” Wurfel said. “They just wanted to make sure that people were aware.”
A private digital forensics team continues to monitor the data for problems.
Oaklawn disabled access to the impacted email accounts and has required mandatory password resets to prevent further access by unauthorized parties.
Wurfel said that Oaklawn takes the privacy and security of patient information very seriously, and since the incident, the hospital has partnered with an external cybersecurity team to improve its technological safeguards, including improvements to its multi-factor authentication software and providing additional training to employees.
If patients need help determining whether their data has been compromised, or, if they have questions about data security at the hospital, Oaklawn has a toll-free response line at (888) 974-0058 available Monday through Friday from 9:00 a.m. to 6:30 p.m.
Contact Elena Durnbaugh at (269) 243-5938 or [email protected] Follow her on Twitter at @ElenaDurnbaugh.
Read or Share this story: https://www.battlecreekenquirer.com/story/news/2020/09/30/patient-data-compromised-oaklawn-email-account-security-incident/3587079001/