Jefferson Healthcare breach possibly affects 2,550 people

Phishing attack hits employee email, not medical, financial records

PORT‌ ‌TOWNSEND — Some 2,550 people may have had personal information taken during a phishing attack on a ‌‌Jefferson‌ ‌Healthcare‌ hospital employee’s email account, according to a hospital spokesperson.

All have been notified.

The attack, which occurred on Nov. 12, did not get into any systems outside the email account, said Amy Yaley, Jefferson Healthcare marketing and communications director, in an email released late Monday.

‌ “At‌ ‌this‌ ‌time,‌ ‌Jefferson‌ ‌Healthcare‌ ‌has‌ ‌a‌ ‌reasonable‌ ‌basis‌ ‌to‌ ‌believe‌ ‌that‌ ‌there‌ ‌has‌ ‌not‌ ‌been‌ ‌any‌ ‌improper‌ ‌access‌ ‌to‌ ‌its‌ electronic‌ ‌medical‌ ‌record‌ ‌system,‌ ‌billing‌ ‌systems,‌ ‌or‌ ‌other‌ ‌systems‌ ‌outside‌ ‌of‌ ‌the‌ ‌affected‌ ‌email‌ ‌account,‌ ‌or‌ ‌that‌ ‌the‌ ‌incident‌ ‌has‌ ‌affected‌ ‌or‌ ‌will‌ ‌affect‌ ‌any‌ ‌patient‌ ‌care,” Yaley’s email said.‌ ‌

Most information was not especially sensitive, but in 84 cases, Social Security numbers or financial information may have been disclosed, she said Tuesday.

‌Jefferson‌ ‌Healthcare‌ ‌has‌ ‌arranged‌ ‌for‌ ‌those people ‌to‌ ‌enroll‌ ‌in‌ ‌a‌ ‌credit‌ ‌monitoring‌ ‌service‌ ‌through‌ ‌Experian‌ ‌at‌ ‌no‌ ‌cost‌ ‌to‌ ‌the‌ ‌individuals, she added.

“Affected‌ ‌individuals‌ ‌should‌ ‌take‌ ‌steps‌ ‌to‌ ‌protect‌ ‌their‌ ‌identity‌ ‌and‌ ‌monitor‌ ‌their‌ ‌credit‌ ‌file,” Yaley said.

The employee whose email account had been attacked responded to what appeared to be a DocuSign document. Then she noticed emails were sent from her address to other people in her address books, Yaley said.

Jefferson Healthcare quickly contacted those 658 people to tell them not to open the document, Yaley said.

At same time, the hospital’s IT crew checked to see if the phishers had penetrated the firewall.

“They did not breach the firewall,” Yaley said, adding that the phishers did not get to financial records.

The computer was taken offline as soon as the breach was discovered. The phishers were in the system for about three days, Yaley said.

The hospital ‌hired‌ ‌two‌ ‌forensic‌ ‌specialist‌ ‌companies‌ ‌to‌ ‌determine‌ ‌the‌ ‌nature‌ ‌and‌ ‌extent‌ ‌of‌ ‌the‌ ‌ unauthorized‌ ‌access‌ ‌and‌ ‌email‌ ‌breach‌ ‌and‌ ‌to‌ ‌determine‌ ‌if‌ ‌personal‌ ‌information‌ ‌was‌ ‌involved, Yaley said.‌ ‌ ‌

The investigators combed through 30,000 .pdf documents and attachments to find everyone who might have been affected. They finished their work in the week between Christmas and New Year’s, Yaley said, and those who were found were sent notice on Monday.

“Based‌ ‌on‌ ‌Jefferson‌ ‌Healthcare’s‌ ‌security‌ ‌practices‌ ‌and‌ ‌investigation‌ ‌of‌ ‌the‌ ‌incident,‌ ‌it‌ ‌is‌ ‌reasonably‌ ‌believed‌ ‌that relatively‌ ‌few‌ ‌documents‌ ‌were‌ ‌likely‌ ‌viewed‌ ‌by‌ ‌the‌ ‌unauthorized‌ ‌parties‌ ‌during‌ ‌their‌ ‌brief‌ ‌access‌ ‌to‌ ‌the‌ ‌affected‌ ‌email account,” she added.

“However,‌ ‌the‌ ‌investigation‌ ‌could‌ ‌not‌ ‌definitively‌ ‌conclude‌ ‌that‌ ‌the‌ ‌unauthorized‌ ‌parties‌ ‌did‌ ‌not‌ ‌access‌ ‌certain information‌ ‌and‌ ‌documents‌ ‌stored‌ ‌in‌ ‌the‌ ‌affected‌ ‌email‌ ‌account.”

Other potentially‌ ‌exposed‌ ‌information‌ included an individual’s‌ ‌full‌ ‌name,‌ ‌date‌ ‌of‌ ‌birth,‌ ‌phone‌ ‌number,‌ ‌home‌ ‌address,‌ ‌health‌ ‌insurance‌ ‌information,‌ ‌certain‌ ‌health‌ information‌ ‌such‌ ‌as‌ ‌dates‌ ‌of‌ ‌service,‌ ‌and‌ ‌diagnosis‌ ‌and‌ ‌treatment‌ ‌information.‌

Yasley also said Jefferson Healthcare has taken preventative measures such as adding ‌anti-fraud‌ ‌technology‌ ‌safeguards‌ ‌and‌ ‌other‌ ‌cybersecurity‌ ‌risk‌ ‌prevention‌ ‌measures; reinforcing‌ ‌education‌ ‌and‌ ‌training‌ ‌for‌ ‌its‌ ‌staff‌ ‌members‌ ‌on‌ ‌how‌ ‌to‌ ‌avoid‌ ‌email‌ ‌phishing‌ ‌schemes‌ ‌and‌ ‌how‌ ‌to‌ ‌properly‌ ‌secure‌ ‌login‌ ‌credentials; and reviewing‌ ‌its‌ ‌policies‌ ‌and‌ ‌procedures‌ ‌to‌ ‌ensure‌ ‌they‌ ‌sufficiently‌ ‌protect‌ ‌against‌ ‌more such ‌incidents.

“Jefferson‌ ‌Healthcare‌ ‌takes‌ ‌individual‌ ‌privacy,‌ ‌and‌ ‌the‌ ‌trust‌ ‌of‌ ‌our‌ ‌community,‌ ‌seriously‌ ‌and‌ ‌has‌ ‌taken‌ ‌immediate‌ ‌steps‌ ‌to‌ ‌enhance‌ ‌our‌ ‌information‌ ‌security‌ ‌systems,” said‌ ‌Brandie‌ ‌Manuel,‌ ‌chief‌ patient‌ safety‌ ‌and‌ quality‌ ‌officer.

“We‌ ‌continue‌ ‌to‌ ‌be‌ ‌vigilant‌ ‌resolving‌ ‌security‌ ‌threats‌ ‌as‌ ‌they‌ ‌are‌ ‌identified‌ ‌and‌ ‌educating‌ ‌our‌ ‌staff‌ ‌members. ‌We‌ ‌are‌ ‌committed‌ ‌to‌ ‌transparency‌ ‌and‌ ‌sincerely‌ ‌apologize‌ ‌to‌ ‌those‌ ‌who‌ ‌have‌ ‌been‌ ‌impacted‌ ‌by‌ ‌this‌ ‌breach.”‌ ‌

It is not known who beached the computer.

“These things (phishing emails) look good. They are very sophisticated,” Yaley said. “All of us are going to have to continue to be more and more aware of what’s out there.

“They are after any information they can get.”


Executive Editor Leah Leach can be reached at 360-417-3530 or at [email protected].

More in News

Three deaths from COVID in Clallam County

North Olympic Peninsula now has lost 91 to virus

Volunteers A.J. Laverty, left, and Marsha Hamacher organize the winter outfits at the Community United Methodist Church’s clothing room. The room is open for free shopping on Saturdays. (Diane Urbani de la Paz/Peninsula Daily News)
Former prosecutor running church resource room

Port Hadlock pastor helps provide food, tents and clothing

Culvert replacement delayed in Port Angeles

Projects will disrupt traffic significantly

Northwest residents urged to stay alert as storms roll in

Weather officials urged Northwest residents to remain alert as more rain was… Continue reading

Toys for Tots collections set across Clallam County

The Mount Olympus Detachment 897 of the Marine Corps… Continue reading

<strong>Matthew Nash</strong>/Olympic Peninsula News Group
Craig Tenhoff prepares to hand off candy canes to place along Diamond Point Road earlier this month as the road was transformed into Holiday Lane. Each year since 2007, residents have lined the road with Christmas decorations for nearly 4 miles starting from the road’s intersection at U.S. Highway 101. About 35 volunteers helped hang ornaments, candy canes and banners.
Community shows Christmas spirit

Craig Tenhoff prepares to hand off candy canes to place along Diamond… Continue reading

Some flooding reported on Peninsula; rain in forecast

Weekend storm doesn’t live up to lofty expectations

Weekly flight operations scheduled

There will be field carrier landing practice operations for aircraft… Continue reading

Most Read