Patient records in emails may have been accessed in phishing incident at Torrance Memorial Medical Center
City News Service reports:
Torrance Memorial Medical Center began notifying some patients Monday that email accounts containing “work-related reports” and personal data were breached at the hospital.The so-called phishing attack occurred on April 18 and 19, according to medical center spokesman Ed Finn, who said facility personnel, working with third-party forensic investigators, launched an investigation “to determine the nature and scope of the incident.”“The investigation determined that personal information for certain individuals was present in some impacted emails, but it remains unclear whether emails or attachments containing the information were accessed by an unauthorized person or persons,” Finn said.
Read more on Daily Breeze.
Here is the text of the notice on the center’s web site:
On April 20, 2017, Torrance Memorial Medical Center (Torrance Memorial) discovered an email security incident that had taken place on April 18 and 19, 2017. The incident allowed access to two email accounts that contained work-related reports. Torrance Memorial immediately launched an investigation, which included working with third-party forensic investigators, to determine the nature and scope of the incident. The investigation determined that personal information for certain individuals was present in some impacted emails, but it remains unclear whether emails or attachments containing the information were accessed by an unauthorized person or persons.We take the security of personal information in our care very seriously. We have security measures in place to protect data in our care and we are also working to implement additional safeguards and provide additional training to our staff on safeguarding the privacy and security of information on our systems. We have reported this incident to the California Department of Public Health, the U.S. Department of Health and Human Services, and the FBI. We will also be notifying state officials, as required by law.
Frequently Asked Questions
Q: What happened?
Torrance Memorial was targeted by a cyberattack that allowed an unauthorized actor(s) access to two email accounts that contained work-related reports. To date, we have no evidence of any actual or attempted misuse of information as a result of this incident. Torrance Memorial considers matters of security and privacy of the utmost importance and we are taking proactive steps to address this incident.
Q: What information may have been affected by this incident?
Again, to date, we have no evidence of any actual or attempted misuse of information as a result of this incident. However, the email accounts that were accessed through this incident contained sensitive personal information including names, dates of birth, address information, telephone numbers, medical record numbers, Social Security numbers, health insurance information, and other clinical/diagnostic information.
Q: How will I know if I am affected by this incident?
On June 19, 2017, Torrance Memorial began mailing notice letters to individuals whose data was present on the affected systems for whom Torrance has address information. Torrance Memorial will continue the notification process should additional individuals be determined to be potentially impacted. In the meantime, if you believe you may be impacted, our dedicated assistance line can be reached at (877) 238-2074, Monday through Friday, 9 am to 7 pm EST (Closed on U.S. observed holidays). Please provide reference number 9995061317 when calling.
Q: Is Torrance Memorial providing impacted individuals access to credit monitoring services?
Yes, Torrance Memorial is providing potentially impacted individuals access to credit monitoring services. Information on these services is included in the notice letter mailed to individuals whose information was on the affected systems for whom Torrance Memorial has address information.