A data breach at the Spokane Regional Health District may have exposed the personal medical information of more than a thousand people.
In a news release, the health district said it completed last week an internal investigation of a possible phishing attack that occurred on Dec. 21.
Phishing attempts generally happen through emails or text messages. They’re typically efforts by cybercriminals to trick recipients into sharing sensitive information. The cybercriminal’s goal is often to get the recipient to click on a link which then initiates a malware download onto the person’s computer.
The health district says its investigation found that the data thief may have “previewed” some protected health information but did not discernibly open, access or download any documents.
The data breach may have exposed the personal information of 1,058 health district clients. The district said the potentially disclosed information included the following:
- First and last names.
- Case numbers.
- Counselor names.
- Urinalysis results and dates.
- Medications and dates of last doses.
- Action taken, if any.
The phishing attack did not expose any Social Security numbers or financial information. The 1,058 individuals have been notified that their personal data may have been exposed.
The health district is still encouraging the 1,058 people to monitor their bank accounts for suspicious activity and advising that “Explanation of Benefits (EOB) from the insurance companies should be monitored for possible ID theft activities.”
The news release states the health district has stopped the data breach, ensured “a future connection can’t be made,” went over good cybersecurity practices with staff and tested its “system.”
Lola Phillips, the health district’s deputy administrative officer, apologized for the data breach in the release.
“We are very sorry,” Phillips said. “We have a strong commitment to safeguard your personal information, and we are working diligently to ensure that it does not happen again.”