Confluence Health discloses patient data breach after employee email account hacked

Jefferson Robbins reports:

Confidential patient information may have been released in an email breach at Confluence Health, the Wenatchee medical organization said in a Saturday press statement.

The information contained in an employee’s breached email account may have included “some patient information” including name and treatment, the press release said, but no financial information was believed to be at risk.

Read more on iFiberOne.

On July 27, Confluence Health published a statement on its web site:


July 27, 2018

Confluence Health values the privacy and confidentiality of our patients’ information. Regrettably, an incident may have involved some of that information.

On May 29, 2018, we learned that an unauthorized person may have gained access to an employee’s email account on March 30 and May 28, 2018. We immediately began an investigation, including hiring a leading third-party forensic firm to assist us. Our investigation determined that some patient information may have been included in the email account, including name and treatment information. No financial information was contained in the email account.

We have no indication that any information has been misused. However, out of an abundance of caution, we are notifying affected patients about this incident and provide assurances that we take it very seriously. We recommend that patients review statements received related to their healthcare, and contact their provider if they see services they did not receive.

Despite having security measures in place and maintaining a routine training program for our staff, this incident still occurred and we deeply regret any concern or inconvenience this incident may cause our patients. To help prevent something like this from happening in the future, we have taken numerous measures to heighten security around our email system and increased monitoring of our network for suspicious activity. For questions, please contact 1-877-341-4604, Monday through Friday, 6 a.m. to 6 p.m. Pacific Time.

Thank you,


Debby Andruss

HIPAA Privacy Officer

About the author: Dissent

Comments are closed.