The Methodist Hospitals, Inc. revealed that a phishing attack potentially affected the information of approximately 68,000 patients.
According to its Notice of Data Incident, the non-profit healthcare system located in Gary, Indiana detected unusual activity involving an employee’s email account back in June 2019. The Methodist Hospitals (‘Methodist’) responded by launching an investigation into what happened. On August 7, 2019, this effort revealed that two Methodist employees fell victim to a phishing email. Bad actors accessed one of the accounts on June 12, 2019 as well as between July 1 and July 8, 2019, while they maintained access to the other account between March 13 and June 12, 2019.
Methodist’s statement revealed that the email accounts contained 68,039 patients’ personal and medical information at the time of compromise. This data included names, medical record numbers, Social Security Numbers and medical treatment/diagnosis details.