Phishing attack on Five Rivers Health affects almost 156,000 patients

Featured image

Share this article

Phishing Attack on Five Rivers Health Affects Almost 156,000 Patients - Paubox

Based in Dayton, Ohio, Five Rivers Health Centers was victim to a phishing attack that lasted from April to June 2020.

Five Rivers Health Centers began in 2011 as a medical home for low-income patients. They are now a Federally Qualified Health Center (FQHC) that provides cost-effective, comprehensive primary and specialty care to people of all ages in the greater Dayton area regardless of their financial situation. There are currently 8 different locations that serve more than 25,000 patients.

What happened?

On May 28, 2021, Five Rivers Health Centers notified 155,748 patients that their personal information had been compromised due to a successful email phishing attack. An unauthorized individual accessed email accounts that contained patients’ personal data.

Although the attack occurred in 2020, an extensive forensic investigation into the cyberattack led by a third party confirmed the breach almost a year later, on March 31, 2021. Five Rivers didn’t notify patients until May 28, 2021. 

SEE ALSO: Coronavirus cyberattacks: how to protect yourself

Data included in the breach

The data breach included personal and protected health information (PHI), such as:

  • Name
  • Address
  • Date of birth
  • Patient account number
  • Medical record number
  • Treatments
  • Treatment cost information
  • Dates of service
  • Diagnoses
  • Test results
  • Lab reports
  • Provider name
  • Health insurance information
  • Prescription information
  • Medicare or Medicaid numbers

Some patients also had their financial account information, payment information, driver’s license/identification card numbers, and Social Security numbers stolen in the breach. 

How did Five Rivers respond?

To protect against future phishing attacks, Five Rivers is providing employees with updated security policies and procedures along with renewed cybersecurity training. Additionally, they are implementing 2-factor authentication.

Five Rivers is also providing free credit monitoring services for an entire year to patients whose Social Security numbers were compromised and reminded them to review their financial information and explanation of benefits statements regularly for fraudulent activity. 

Protect against phishing with Paubox Email Suite Plus

Healthcare providers must provide regular cybersecurity training for their employees, but data can still be compromised. Solid cybersecurity protection that includes email security is the only way healthcare providers can protect themselves from a data breach and subsequent HIPAA violations.

SEE ALSO: Why Anti-Phishing Training Isn’t Enough

Paubox Email Suite Plus provides both inbound and outbound email protection, including our patented ExectProtect feature, which stops display name spoofing emails from ever reaching the inbox. It also comes with Zero Trust Email, which requires an additional layer of proof of legitimacy before delivering an email.

Paubox Email Suite Plus also enables HIPAA compliant email by default, sent from your existing email client (such as Google Workspace or Microsoft 365). It ensures that your messages and patient information are safe from breaches. Our HITRUST CSF certified software offers Paubox customers and their patients assurance that their data is protected.

Try Paubox Email Suite Plus for free today.

Try Paubox Email Suite Plus for FREE today.
Author Photo

About the author

Paubox

Read more by Paubox

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022