Application security, Breach, Data Security

The Oregon Clinic patient PHI exposed via email breach

Share

The Oregon Clinic discovered on March 9 that an unauthorized third party had accessed an email account possibly exposing the personal health information for some of its patients.

The clinic, which offers a wide variety of health-related services, investigated the incident and on April 19 determined that the incident only affected a single email account and the hacker did not gain access to any other part of the clinic's network. The breach possibly revealed names, dates of birth, and certain medical information to include medical record numbers, diagnosis information, medical condition, diagnostic tests performed, prescription information, and/or health insurance information. In addition, some people may have had their Social Security numbers exposed.

The organization did not say how many people were affected, but The Oregon Clinic states on its website it handles about 420,000 annually.

The clinic reported it is now in the process of notifying the patients involved and is offering these people free credit monitoring services. 

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

You can skip this ad in 5 seconds