[BreachExchange] Urgent care provider notifies 13K to data breach

Destry Winant destry at riskbasedsecurity.com
Wed Aug 15 00:16:58 EDT 2018


https://www.beckershospitalreview.com/cybersecurity/urgent-care-provider-notifies-13k-to-data-breach.html

Austin, Texas-based MedSpring Urgent Care, which operates urgent care
centers in five Midwestern and Southern states, is notifying 13,034
patients seen at its Illinois facilities about a potential data breach
resulting from an employee who fell victim to an email phishing scam
May 8.

Immediately after discovering the attack May 17, MedSpring blocked the
unauthorized third party's access to the email account and launched an
investigation into the attack. The investigation determined
information stored in the compromised email account may have included
patients' names, account numbers, medical record numbers, and dates of
medical services received.

MedSpring doesn't have any evidence the information was viewed or
misused, but it is providing affected individuals one year of free
identity protection and fraud resolution services.

"We take the protection of our patients' information very seriously
and have taken steps to prevent a similar incident from occurring in
the future, including the implementation of additional technological
security features designed to prevent future phishing scams," the
organization said in a notice.


More information about the BreachExchange mailing list