NC: Diagnostic Radiology & Imaging notifies 800 patients of phishing incident in 2017
From their notice:
Diagnostic Radiology & Imaging, LLC (or “DRI”) operates multiple imaging facilities in Greensboro, North Carolina under the names Greensboro Imaging and The Breast Center of Greensboro.
On January 31, 2018, DRI became aware of an impermissible disclosure of limited health information about approximately 800 patients. An investigation revealed that on November 11, 2017, an employee of DRI became the victim of a phishing attack. “Phishing” is a type of cybercrime in which individuals are targeted and tricked into revealing sensitive or confidential information. In this case, an attacker emailed DRI employees using an email address that appeared to be legitimate, and one DRI employee revealed information to the attacker that allowed the attacker to access the DRI employee’s work-related email account. Within that DRI employee’s email account, we found a limited amount of information about patients, including names, a general description of imaging services received (including date, type, and location of imaging service), medical record numbers, and in some cases, email addresses and phone numbers. In just a few cases, the patient’s date of birth was also included. As a result, the attacker gained access to that information.
Please note that the attacker did not have access to any of our patients’ Social Security Numbers or other financial information, and for that reason, we do not believe there is any risk of financial harm to our affected patients as a result of this phishing attack.
In accordance with DRI policy, and as required by federal law, DRI is notifying affected patients via first-class mail.
We take the confidentiality and secure handling of patients’ information seriously. Our investigation involved external forensic investigators as well as attorneys with experience in handling these types of incidents. We have policies and procedures in place regarding the confidentiality and security of patient information, and we train our employees on these policies and procedures on a regular basis. In response to this cybercrime, we have retrained our employees and contractors on our policies and procedures relating to privacy and security. We have also implemented more specific training on phishing and other types of cybercrimes to better educate our employees and contractors.
We are very sorry that this happened, and we are taking steps to try to prevent situations like this in the future. If you have any questions or concerns, or if you would like to discuss this matter further, please do not hesitate to call 1-800-638-2869.
Diagnostic Radiology and Imaging, LLC. 1150 Revolution Mill Dr, Suite 9, Greensboro, NC 27405