[BreachExchange] Yet another data breach reported at Spokane Regional Health District

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Thu Mar 24 10:05:06 EDT 2022 

https://www.krem.com/article/news/health/spokane-regional-health-district-another-data-breach/293-2af1a1ff-9177-4397-8e2a-4064900b30d7

SPOKANE, Wash. — The Spokane Regional Health District (SRHD) reported that
they have encountered a data breach of personal health information from a
phishing email.

According to SRHD, the breach occurred on Feb. 24, 2022. This is not the
first time SRHD has reported a data breach, as the department experienced a
similar situation earlier this year.

An internal investigation discovered files containing client protected
health information may have been "previewed" by the data thief. The
investigation did not find any documents had been opened, accessed or
downloaded.

This disclosure affects 1,260 individuals from two departments. The first
group, totaling 1,060, may have had the following data viewed:

First and last names, initials
Date of birth
Date in emergency department
Source of referral
Provider
Hospital name
Diagnosing state
Whether or not patient was located
Date located
Patient risk level
Staging level
How medication is being picked up
Type of test
Test results
Treatment
Medication and reason prescribed
Meets criteria for expedited partner therapy
Delivery date (baby)
Treatment provided (baby)
Titer (diagnostic)
Medical referrals
Client notes
The second group affects 200 people. Data viewed includes:

First and last names, initials
Date of birth
Phone number
Shelter location
Test date
Notes
According to SRHD Deputy Administrative Officer Lola Phillips, the
department has responded to mitigate unauthorized disclosure of information
in the future by stopping the current breach, ensuring future connections
cannot be made, reinforcing current cyber security training with staff that
contains the use of multi-factor authentication and performing additional
testing on related systems.

“Much like the rest of the state of Washington, SRHD has experienced a
record-level spike in phishing emails and malware installation attempts. In
this instance, staff fell prey to a phishing scam which exposed
confidential information to data thieves,” Phillips said. “We have a strong
commitment to safeguard your personal information, and we are working
diligently to reduce the likelihood of future events.”

The people whose information was included in the data breach were notified,
according to SRHD.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220324/9ee9f9e6/attachment.html>

More information about the BreachExchange mailing list