[BreachExchange] Phishing attack exposes patient info at Conway Regional Medical Center

Destry Winant destry at riskbasedsecurity.com
Thu Sep 5 10:22:25 EDT 2019


LITTLE ROCK (KATV) — An intruder gained access to patient and
physician information at Conway Regional Medical Center after an email
phishing attack, according to a letter sent to patients.

Patients who may have been affected were notified last month. In a
letter dated Aug. 23, the hospital system says the breach was
discovered in June after "unusual activity" surrounding employee email
accounts was detected.

Patient names, addresses, Social Security numbers, health insurance
information and "limited" medical information may have been accessed
as part of the data breach, Conway Regional Health System said in a
statement Wednesday. The hospital system said it had not found any
incidents where the information was misused. It did not say how many
patients were affected.

The hospital system said it's reviewing information security policies
and procedures to minimize the risk of another data breach.

Attorney General Leslie Rutledge advises any consumers who are
concerned that their personal information was breached to call the
office at (800)482-8982 or visit ArkansasAG.gov.

More information about the BreachExchange mailing list