Presbyterian Healthcare Services is informing 183,000 of its patients and health plan members that their PII was compromised after an employee fell victim to a phishing scam.
While the Albuquerque, N.M.-based Presbyterian began sending letters to those affected earlier this month, this is the first time the full extent of the data breach has been released.
“At this time, it is estimated that data involving
approximately 183,000 patients and health plan members may have been affected,
and more may be identified and notified in the coming weeks. While our
investigation is ongoing, we want to stress that we have no evidence indicating
that any patient or member data has been used in any way and there was no
access to our electronic health record or billing systems,” said Dale Maxwell,
president and CEO of Presbyterian Healthcare Services.
The data breach, which was made public on August 2, was
discovered on June 6 when the organization realized unauthorized access had
been gained though a phishing attack sometime before May 9. The email accounts
that were accessed contained patient and/or health plan member names and might
have contained dates of birth, Social Security numbers and clinical and/or
health plan information.