Phishing attack at Children’s Hospital Colorado compromises patient data


Children’s Hospital Colorado, an academic pediatric acute care hospital with several locations throughout Colorado, released a notice July 27 reporting a recent phishing attack by an “unauthorized party.”

Not much is known about the email breach at this time. The hospital discovered the breach June 22, immediately securing the affected email account and hiring an outside firm to investigate.

Unfortunately, this is not the first phishing attack experienced by the hospital.

Who was affected by the phishing attack?

On June 22, the hospital learned that an outside party may have accessed a provider’s email account from April 6–12.

The hospital has not stated the type of phishing attack or the number of individuals affected.

The U.S. Department of Health and Human Services Office for Civil Rights’ Breach Portal lists the breach as an email hacking/IT incident affecting 2,553 individuals.

Exposed protected health information (PHI) may include name, date of service(s), medical record number, zip code, and limited clinical information such as diagnoses.

At this time, there is no evidence that the hacker misused or accessed PHI. According to the notice, no other documents (such as patient charts) or systems were impacted.

Not the first email breach

In September 2017, Children’s Hospital Colorado reported a possible exposure of 3,370 patients’ PHI through a team member’s email account in July.

While neither breach would make a top 10 biggest breaches list, both are concerning, particularly the recent breach during the current crisis.

What steps has Children’s Hospital Colorado taken to protect patient data?

Children’s Hospital Colorado correctly utilized separate computer systems for sensitive data. As stated by the hospital, however, employee awareness training and email security need updating.

The investigation into the breach is ongoing and the hospital is “notifying all potentially affected families for whom it has contact information.”

Children’s Hospital Colorado also set up a dedicated line for patients seeking additional information. The hospital described similar steps after the 2017 breach.

The 2020 notice further indicates the hospital’s commitment to evaluating additional training platforms and reviewing technical controls related to email.

How strong email security can help

Phishing and social engineering remain a significant problem in 2020; vigilance is more important than ever.

That’s why our customers turn to Paubox Email Suite Plus to send HIPAA compliant email directly to patients’ inboxes (no password or portal required), and to protect themselves from cyberattacks with robust inbound security tools such as display name spoofing protection and spam filtering.

Paubox Email Suite Plus seamlessly integrates with a customer’s existing email provider to send encrypted email by default; no change in user behavior is required once it is configured.

Strong email security and knowledgeable employees allow healthcare organizations to communicate effectively while keeping everyone protected for complete, comprehensive healthcare.

Try Paubox Email Suite for FREE today.
About the author

Kapua Iao
