[BreachExchange] Cancer Treatment Centers of America notifies 16, 800 patients of another phishing attack

[Destry Winant]

https://www.beckershospitalreview.com/cybersecurity/cancer-treatment-centers-of-america-notifies-16-800-patients-of-another-phishing-attack.html

Cancer Treatment Centers of America has learned that an email account
of an employee at its Atlanta-based Southern Regional Medical Center
was the target in a phishing attack that may have exposed
16,819patients, according to the HIPAA Journal.

The phishing attack happened on March 10 after an employee provided
network login credentials to the malicious email. CTCA was alerted to
the breach the following day and changed the password of the
employee's account.

Although the account was accessible for less than two days, the hacker
may have been able to view patients' names, addresses, medical record
numbers, government identification numbers, health insurance
information and some medical information. No Social Security numbers
or financial information was affected, reports the HIPAA Journal.

This is the second phishing attack to expose CTCA patients in the past
six months. A December 2018 data breach exposed the protected health
information of 41,948 patients.

Patients who were affected in the March 2019 data breach have been
told to monitor their explanation of benefits statement and other
account statements.