Carle Foundation Hospital (“Carle”), three Urbana, Illinois-based hospitals, suffered a data breach due to a phishing incident.
Carle learned an unauthorized person gained access to three Carle physician email accounts. They immediately secured the accounts, opened an investigation, and a leading cyber security firm was engaged to help identify what information may have been impacted. The investigation determined some patient information was contained in the email accounts, which may have included patient names, medical record numbers, dates of birth, and clinical information such as diagnosis and treatment plan. Patient Social Security numbers and financial information were not contained in the physicians’ email accounts.
This incident affected "only certain patients that received cardiology or surgery services at Carle," says the press release.
"We have no indication the unauthorized person used patient information in any way or viewed the emails containing patient information," notes the press release.