[BreachExchange] Indiana health system alerts 68, 000 patients of data breach

[Destry Winant]

https://www.beckershospitalreview.com/cybersecurity/indiana-health-system-alerts-68-000-patients-of-data-breach.html

Gary, Ind.-based Methodist Hospitals is notifying 68,039 patients that
their protected health information may have been exposed in a data
breach.

The health systems discovered unusual activity in an employee's email
account in June. Upon investigation, Methodist Hospitals determined
that two employees fell victim to a phishing attack. Collectively, the
unauthorized third-party had access to the email accounts between
March 13 and July 8.

Methodist Hospitals said there is no evidence that any patient
information has been misused.

Patient data stored on the email accounts included names, addresses,
health insurance information, group identification numbers, Social
Security numbers, financial account numbers, payment care information,
medical record numbers and treatment information.

The health system is recommending patients review account statements
and explanation of benefits forms as well as monitor credit reports
for any suspicious activity.

"We take this incident and the security of personal information in our
care very seriously. Upon learning of this incident, we moved quickly
to conduct an investigation, which included working with third-party
forensic investigators, to confirm the nature and scope of the event.
Additionally, while we have security measures in place to protect data
in our systems, we are reviewing our existing policies and procedures
and implementing additional safeguards to further protect
information," Methodist Hospitals said in a statement.