Mississippi Hospital falls victim to Phishing Email
Who: Gulfport Memorial Hospital
# of Records: 30,000 Patients
When it occurred: December 6, 2018
What Happened: Email phishing incident
How it Happened: An unauthorized third party gained access to an employee’s email account giving them access to patients names, dates of birth, health insurance, and other information.
Outcome: MHG immediately took steps to secure the account and began an investigation, which determined that patient information was contained in the email account and may have included patients’ names, dates of birth, health insurance information and/or information about medical care received at MHG. A limited number of Social Security numbers were also contained within the email account. Memorial mailed letters Friday to all the patients as a precaution. Nothing has indicated to Memorial that the information contained in the email account has been misused. Memorial Hospital is offering free credit monitoring and identity protection services to a “limited number” of patients whose Social Security numbers, health insurance information and other personal details were part of an employee email account that third-party access. The incident is still under investigation and even more, patients could be notified in the coming weeks. Memorial Hospital is enhancing information security safeguards to help prevent an incident such as this from occurring in the future.