Phoenix Children’s Hospital reports recent phishing attack

Featured image

Share this article

Sinai health system notifies HHS of email breach

Phoenix Children’s Hospital, which provides specialty pediatric services, released a notice January 14 to inform the public and its patients about a late 2019 “data incident.”

Who was affected by the breach?

In November 2019, the hospital discovered that between September 5 and 20 an unauthorized third party accessed seven employee email accounts through phishing.

According to Phoenix Children’s, the breached email accounts stored limited protected health information (PHI), such as full names.

In some instances, patients’ had their social security numbers (SSNs) and certain health information uncovered.

What steps did Phoenix Children’s take after discovering the breach?

Phoenix Children’s sent written notification to 1,860 patients to inform them that someone had stolen certain PHI during the breach.

The hospital recommended that affected patients should review their financial statements periodically though the PHI did not include financial information.

Those with impacted SSNs received complimentary credit monitoring and identity protection services.

Phoenix Children’s emphasized that the hospital was “taking measures to help prevent this type of incident from occurring in the future” without providing specifics.

The notice further stated that a comprehensive inquiry is currently underway.

The Office for Civil Rights’ (OCR) lists the hospital on its ‘Cases Currently Under Investigation’ breach list as a hacking/IT incident.

Between November 2019 and now, OCR lists close to 100 healthcare organizations and over 1 million patients affected; the largest is PIH Health with 199,548 impacted patients.

How can you protect your employees and patients?

While Phoenix Children’s breach may not have been the largest, it demonstrates the necessity of a strong cybersecurity program.

And how necessary it is to have HIPAA compliant email.

Such incidences should, in fact, serve as a reminder to remain vigilant about cybersecurity.

Phishing attacks can happen at any given moment in healthcare as no amount of PHI is too small for cybercriminals.

Take the first steps to ensure HIPAA compliance before a breach occurs by utilizing strong security measures such as email encryption and inbound security with Paubox Email Suite Plus.

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Kapua Iao

Read more by Kapua Iao

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022