Hillsboro hospice service warns of data breach
A Hillsboro hospice center is warning patients that a recent security breach may have allowed the personal health information of patients to fall into the wrong hands.
Care Partners Hospice and Palliative, a nonprofit hospice care service based in Tanasbourne, said Friday that officials had discovered one of its employee's email accounts had been compromised on April 11. The company said the private health information of some patients may have been accessed.
"The privacy and protection of patient information is a top priority for Care Partners, which deeply regrets any inconvenience or concern this incident may cause," the company said in a statement released Friday.
The nonprofit provides hospice and palliative care to patients across the Portland area. According to Lindsay Nickle, Care Partners' attorney, the breach may have impacted as many as 600 patients.
Nickle said the company has spent the last month conducting an internal investigation into the matter.
That investigation, led by a third-party cybersecurity company, indicates that emails from the account may have been accessed without authorization. Nickle said credentials to the email account were stolen and used to log into the account maliciously.
"Some of those emails may have contained patient personal information," the company said. "However, there is no evidence of the misuse of any information potentially involved in this incident."
The organization — formerly Hospice & Palliative Care of Washington County — said letters were mailed to impacted patients on Friday, May 25.
Care Partners has established a call center to answer questions about the incident and related concerns. The call center is available Monday through Friday from 8 a.m. to 5 p.m. at 1-800-939-4170.
The organization said it will offer identity protection services to impacted patients for free "out of an abundance of caution."
Care Partners officials say the organization will strengthen security measures and ensure its systems and networks are secure.
"Upon learning of this incident, Care Partners immediately reset the passwords for all employee email accounts and set up an additional layer of authentication for email access," the nonprofit said.