Southwest Washington Regional Surgery Center suffered a Phishing attack

Southwest Washington Regional Surgery Center (SWRSC) in Vancouver, WA, suffers a data breach, in which 2,393 patients' secured health information might have been revealed. SWRSC is outpatient surgery center, which performs general surgery as well as also features various specializations that include pain management, podiatry, orthopedic, spine and plastic surgery. As per their website, the Center handles around 8,500 cases, every year.

As per a notice on Center's website, the breach involves a phishing attack through which the hackers gained access to one of the employees email inbox. However, no proof was found that will suggest that the attackers have accessed or downloaded any of the emails. The Center also does not found any evidence which will suggest that any information was misused. External cyber security professionals were hired by the Center after learning about the breach. A forensic investigation was launched, which ended on 25 September, 2018.

In the investigation, manually reviewing of all the emails in compromised email account was conducted in order to identify who are the affected patients, and what kind of information might have been compromised during the breach. The investigation has revealed that the email account got compromised on 27 May 2018, and the access to
the same was possible till 13 August 2018.

In their breach notice, the Southwest Washington Regional Surgery Center mentioned that the compromised email account contained protected information like the patients' names, medical information, Social Security numbers and/or driver's license numbers. Besides, the email account also had credit card numbers stored of a few patients.

On 6 November 2018, the patients who were affected by the data breach were sent notification letters about the breach. In addition, the affected patients have also been offered complimentary identity theft restoration and credit monitoring services for a year. Moreover, information was also provided on steps to be taken to reduce risk of fraud and identity theft. The Center has further set up a helpline service on a toll free number 888-891-8399 for the affected patients.

The breach has further prompted SWRSC to enhance their email access protocols for preventing these kinds of phishing attacks in future. They have also reset their passwords and have updated their password policy.

» SPAMfighter News - 11/23/2018