MedSpring Urgent Care was the victim of a data breach thanks to a phishing scam recently, possibly exposing the health information of some 13,000 patients. It started when a single employee fell prey to phishing—something that wasn’t discovered for a week and half, during which time the patient records were exposed. Once it discovered the breach, MedSpring blocked the unauthorized party’s access to the email account and brought in a cybersecurity vendor to figure out what information could have been accessed. They learned that information in the compromised email account could have included patient names, account numbers, medical record numbers, and dates and services provided to the patients. There has been no confirmation that any of the information was actually misused, or even viewed. Nonetheless, MedSpring told all the possibly affected patients about the event, and arranged to provide a year of identity protection and fraud resolutions for all. This violation is a reminder that no matter how well protected you think your system is, there are individuals working diligently to break through. Work with cybersecurity experts to ensure your systems are up to date, and consider scheduling regular “check-ups” to make sure nothing slips through the cracks.
Data Breach Could Affect 13,000 Patients