PHI potentially exposed in the incident varied by individual, but may have included names, dates of birth, medical record numbers, health insurance information, clinical or treatment information, dates of service, provider names, diagnoses, procedure information, prescription information, subscriber ID numbers, benefits election information, Social Security numbers, and driver’s license numbers. The incident, which occurred from June 2020 to January 2021, impacted the PHI of 3,099 patients.
UMass Memorial Health released a statement in response to the healthcare cyber attack, “We regret any concern or inconvenience this incident may cause, and we remain committed to protecting the confidentiality and security of our patients’ and health plan participants’ information. To help prevent something like this from happening in the future, we have reinforced education with our staff regarding how to identify and avoid suspicious emails and are making additional security enhancements to our email environment, including enabling multifactor authentication.”
Spoofing Incident Targets Hospital Patients
Spoofing incidents occur when a malactor targets individuals by calling them and posing as a trusted company, often displaying a false caller ID to trick call recipients. While some of these incidents are easily recognizable as a scam, others are more targeted making it difficult for call recipients to detect. One such incident recently reported targeted patients of Henry Ford Health System.
In a statement released on October 17, 2021, Henry Ford warned patients of the spoofing incident in which malactors attempt to trick patients to divulge their sensitive banking information by claiming that the Hospital is issuing them a refund. While the incident is ongoing, the statement claims that Henry Ford operators are receiving up to 200 calls a day regarding the scam.
John Fowler, interim chief information privacy and security officer at Henry Ford, explained, “We don’t believe callers are identifying themselves as a representative of Henry Ford, but we are very concerned that scammers are using our number in a fraudulent way. This is extremely concerning. We want people to trust that when they get a call from Henry Ford, we are reaching out to them with important information about their health. And with hundreds of people calling each day simply because they think we’ve called them, our operators are facing some serious challenges.”