Jefferson Healthcare breach possibly affects 2,550 people

Phishing attack hits employee email, not medical, financial records

PORT‌ ‌TOWNSEND — Some 2,550 people may have had personal information taken during a phishing attack on a ‌‌Jefferson‌ ‌Healthcare‌ hospital employee’s email account, according to a hospital spokesperson.

All have been notified.

The attack, which occurred on Nov. 12, did not get into any systems outside the email account, said Amy Yaley, Jefferson Healthcare marketing and communications director, in an email released late Monday.

‌ “At‌ ‌this‌ ‌time,‌ ‌Jefferson‌ ‌Healthcare‌ ‌has‌ ‌a‌ ‌reasonable‌ ‌basis‌ ‌to‌ ‌believe‌ ‌that‌ ‌there‌ ‌has‌ ‌not‌ ‌been‌ ‌any‌ ‌improper‌ ‌access‌ ‌to‌ ‌its‌ electronic‌ ‌medical‌ ‌record‌ ‌system,‌ ‌billing‌ ‌systems,‌ ‌or‌ ‌other‌ ‌systems‌ ‌outside‌ ‌of‌ ‌the‌ ‌affected‌ ‌email‌ ‌account,‌ ‌or‌ ‌that‌ ‌the‌ ‌incident‌ ‌has‌ ‌affected‌ ‌or‌ ‌will‌ ‌affect‌ ‌any‌ ‌patient‌ ‌care,” Yaley’s email said.‌ ‌

Most information was not especially sensitive, but in 84 cases, Social Security numbers or financial information may have been disclosed, she said Tuesday.

‌Jefferson‌ ‌Healthcare‌ ‌has‌ ‌arranged‌ ‌for‌ ‌those people ‌to‌ ‌enroll‌ ‌in‌ ‌a‌ ‌credit‌ ‌monitoring‌ ‌service‌ ‌through‌ ‌Experian‌ ‌at‌ ‌no‌ ‌cost‌ ‌to‌ ‌the‌ ‌individuals, she added.

“Affected‌ ‌individuals‌ ‌should‌ ‌take‌ ‌steps‌ ‌to‌ ‌protect‌ ‌their‌ ‌identity‌ ‌and‌ ‌monitor‌ ‌their‌ ‌credit‌ ‌file,” Yaley said.

The employee whose email account had been attacked responded to what appeared to be a DocuSign document. Then she noticed emails were sent from her address to other people in her address books, Yaley said.

Jefferson Healthcare quickly contacted those 658 people to tell them not to open the document, Yaley said.

At same time, the hospital’s IT crew checked to see if the phishers had penetrated the firewall.

“They did not breach the firewall,” Yaley said, adding that the phishers did not get to financial records.

The computer was taken offline as soon as the breach was discovered. The phishers were in the system for about three days, Yaley said.

The hospital ‌hired‌ ‌two‌ ‌forensic‌ ‌specialist‌ ‌companies‌ ‌to‌ ‌determine‌ ‌the‌ ‌nature‌ ‌and‌ ‌extent‌ ‌of‌ ‌the‌ ‌ unauthorized‌ ‌access‌ ‌and‌ ‌email‌ ‌breach‌ ‌and‌ ‌to‌ ‌determine‌ ‌if‌ ‌personal‌ ‌information‌ ‌was‌ ‌involved, Yaley said.‌ ‌ ‌

The investigators combed through 30,000 .pdf documents and attachments to find everyone who might have been affected. They finished their work in the week between Christmas and New Year’s, Yaley said, and those who were found were sent notice on Monday.

“Based‌ ‌on‌ ‌Jefferson‌ ‌Healthcare’s‌ ‌security‌ ‌practices‌ ‌and‌ ‌investigation‌ ‌of‌ ‌the‌ ‌incident,‌ ‌it‌ ‌is‌ ‌reasonably‌ ‌believed‌ ‌that relatively‌ ‌few‌ ‌documents‌ ‌were‌ ‌likely‌ ‌viewed‌ ‌by‌ ‌the‌ ‌unauthorized‌ ‌parties‌ ‌during‌ ‌their‌ ‌brief‌ ‌access‌ ‌to‌ ‌the‌ ‌affected‌ ‌email account,” she added.

“However,‌ ‌the‌ ‌investigation‌ ‌could‌ ‌not‌ ‌definitively‌ ‌conclude‌ ‌that‌ ‌the‌ ‌unauthorized‌ ‌parties‌ ‌did‌ ‌not‌ ‌access‌ ‌certain information‌ ‌and‌ ‌documents‌ ‌stored‌ ‌in‌ ‌the‌ ‌affected‌ ‌email‌ ‌account.”

Other potentially‌ ‌exposed‌ ‌information‌ included an individual’s‌ ‌full‌ ‌name,‌ ‌date‌ ‌of‌ ‌birth,‌ ‌phone‌ ‌number,‌ ‌home‌ ‌address,‌ ‌health‌ ‌insurance‌ ‌information,‌ ‌certain‌ ‌health‌ information‌ ‌such‌ ‌as‌ ‌dates‌ ‌of‌ ‌service,‌ ‌and‌ ‌diagnosis‌ ‌and‌ ‌treatment‌ ‌information.‌

Yasley also said Jefferson Healthcare has taken preventative measures such as adding ‌anti-fraud‌ ‌technology‌ ‌safeguards‌ ‌and‌ ‌other‌ ‌cybersecurity‌ ‌risk‌ ‌prevention‌ ‌measures; reinforcing‌ ‌education‌ ‌and‌ ‌training‌ ‌for‌ ‌its‌ ‌staff‌ ‌members‌ ‌on‌ ‌how‌ ‌to‌ ‌avoid‌ ‌email‌ ‌phishing‌ ‌schemes‌ ‌and‌ ‌how‌ ‌to‌ ‌properly‌ ‌secure‌ ‌login‌ ‌credentials; and reviewing‌ ‌its‌ ‌policies‌ ‌and‌ ‌procedures‌ ‌to‌ ‌ensure‌ ‌they‌ ‌sufficiently‌ ‌protect‌ ‌against‌ ‌more such ‌incidents.

“Jefferson‌ ‌Healthcare‌ ‌takes‌ ‌individual‌ ‌privacy,‌ ‌and‌ ‌the‌ ‌trust‌ ‌of‌ ‌our‌ ‌community,‌ ‌seriously‌ ‌and‌ ‌has‌ ‌taken‌ ‌immediate‌ ‌steps‌ ‌to‌ ‌enhance‌ ‌our‌ ‌information‌ ‌security‌ ‌systems,” said‌ ‌Brandie‌ ‌Manuel,‌ ‌chief‌ patient‌ safety‌ ‌and‌ quality‌ ‌officer.

“We‌ ‌continue‌ ‌to‌ ‌be‌ ‌vigilant‌ ‌resolving‌ ‌security‌ ‌threats‌ ‌as‌ ‌they‌ ‌are‌ ‌identified‌ ‌and‌ ‌educating‌ ‌our‌ ‌staff‌ ‌members. ‌We‌ ‌are‌ ‌committed‌ ‌to‌ ‌transparency‌ ‌and‌ ‌sincerely‌ ‌apologize‌ ‌to‌ ‌those‌ ‌who‌ ‌have‌ ‌been‌ ‌impacted‌ ‌by‌ ‌this‌ ‌breach.”‌ ‌

It is not known who beached the computer.

“These things (phishing emails) look good. They are very sophisticated,” Yaley said. “All of us are going to have to continue to be more and more aware of what’s out there.

“They are after any information they can get.”

________

Executive Editor Leah Leach can be reached at 360-417-3530 or at lleach@peninsuladailynews.com.

More in News

Weekly flight operations scheduled

There will be field carrier landing practice operations for aircraft… Continue reading

Navy training exercise to be conducted Thursday

Naval Magazine Indian Island will conduct a security training… Continue reading

North Olympic Library System public service specialist Jessica Raivo transfers books from the stacks to a cart on Saturday at the Sequim Public Library for eventual transport to a temporary library building. The current library on North Sequim Avenue is slated for renovation and expansion with library services slated to resume on April 1 at 609 W. Washington St., next to Fifth Avenue Furniture, in the storefront that was previously Brian’s Sporting Goods. (Keith Thorpe/Peninsula Daily News)
Book transfer

North Olympic Library System public service specialist Jessica Raivo transfers books from… Continue reading

Jefferson County is eying short-term rental regulations

Feedback to be presented to Planning Commission

Clallam PUD seeking faster solution for West End outages

County commissioners, coalition support idea of expanded right of way

From left to right, Sean Coleman, Colleen Robinson, Brown Maloney and Todd Ortloff display the awards they earned Friday during the annual gala of the Clallam County Economic Development Council at Field Arts & Events Hall in Port Angeles (Lorie Fazio/Clallam County EDC)
Coleman named Olympic Leader of the Year at EDC gala

Habitat for Humanity, Radio Pacific also win awards during event

Historic bell missing from Camp Parsons

Property crime up in Brinnon area, director says

Casey and Karen Proud, both of Sequim, look at a selection of St. Patrick’s Day hats and other souvenirs for participating in Saturday’s Shamrock Shuffle & Pub Crawl in downtown Port Angeles. The event, a benefit for the Hurricane Ridge Winter Sports Education Foundation, allowed crawlers to receive six tasting tokens for libations at participating bars and restaurants in the downtown area with a drawing for additional prizes. Numerous downtown businesses also offered sale discounts for purchases during the crawl. (Keith Thorpe/Peninsula Daily News)
Winter sports benefit in Port Angeles

Casey and Karen Proud, both of Sequim, look at a selection of… Continue reading

U.S. Rep. Derek Kilmer, right, discusses emergency services on Thursday during a roundtable session with emergency managers from across the region, including Clallam County Sheriff Brian King, left, and Clallam County Administrator Todd Mielke in Port Angeles. (Keith Thorpe/Peninsula Daily News)
Clallam seeks additional funds for emergency operations center

Administrator says $10 million still needed for proposed project

More than 100 educators appeared at Thursday’s Port Angeles School District board meeting to show their support for paraeducators, who are seeking a 3.7 percent pay raise and have been working without a contract since Aug. 31. (Paula Hunt/Peninsula Daily News)
Paraeducators fill school board meeting

Labor group asking for same raise teachers received

Committee forms to support Quilcene school levy

Lack of communication cited for failed vote

Herb Beck Marina improvements in the works

New concrete boat launch among the plans