Phishing Attack Exposes Franciscan Medical Group Patients' Data

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Washington's Franciscan Medical Group (FMG) recently announced that an undisclosed number of patients' personal and medical information may have been exposed following a phishing attack (h/t Becker's Hospital CIO).

The medical group learned on January 27, 2014 that phishing e-mails had been sent to a small group of FMG employees, several of whom had responded to the e-mails thinking that they were legitimate requests from FMG parent company Catholic Health Initiatives.

"When we learned of this, we immediately secured the affected e-mail accounts and began an investigation, including hiring an outside expert forensics firm," FMG said in a statement.

The forensics firm determined that the affected employees' e-mail accounts held patients' names, addresses, birthdates, phone numbers, treating physicians and/or departments, diagnoses, treatments received, medical record numbers, medical service codes and health insurance information. In a small number of cases, Social Security numbers may also have been exposed.

The News Tribune reports that approximately 8,300 patients may be affected, along with several thousand patients at other facilities run by Catholic Health Initiatives nationwide.

"We regret any inconvenience this may have caused our patients," FMG said. "To help prevent something like this from happening in the future, we have re-enforced education with our staff regarding 'phishing' emails and are reviewing enhancements for strengthening user login authentication."

Patients with questions are advised to contact (877) 283-6556.