Convincing Phishing Email led to PII Exposure at Valley Health Care

2019, Breaches, February

Who: Valley Professionals Health Care

# of Records: 12,000 Patients

When it occurred: October 26 to November 27, 2018

What Happened: A data breach affected all seven of its health care locations, including their mobile site. Additionally, ​personal information from thousands of patients has been compromised.

How it Happened: It started when an employee received an email in late November that they believed to be from another health care organization that they had worked with in the past. When in fact, it was a phishing email that resulted in the information of more than 12 thousand patients being at risk. The email was very convincing. Information that was compromised could lead to serious implications in the future for those who were affected. Valley Professionals said the information could include the following types of information: Name, address, Social Security number, date of birth, diagnosis, procedure, or treatment information, provider information, patient identification number, the medical record number, information regarding payment for the receipt of health care. The health center said that in a very small number of instances, that information also could include bank account, routing number, health insurance group number and/or member numbers.

Outcome: Valley Professionals says they are taking steps to further protect patient information in the future and that included implementing technology software that will help do that. We are trying to educate our staff so it won’t happen again either. Valley Professionals is providing 12 months of free credit monitoring to those affected. All of the patients whose information has been compromised have been notified by mail.