Data breach exposes state hospital patients' info
The Oregon Health Authority said Monday, May 13, that some State Hospital patients' information may have been exposed to hackers a week ago in an email phishing attack.
State officials said information was breached on May 6 when a state hospital employee opened a suspicious email that turned out to be a spear-phishing attack. The breach exposed the employee's credentials to hackers.
The Health Authority said patients' protected health information, such as names, dates of birth, medical record numbers, diagnoses and treatment care plans, may have been exposed. A state investigation found that the email box does not contain any other type of protected information.
State officials have not released information about the number of patient records involved in the breach. In a May 13 press release, the Health Authority said it "cannot confirm that any patients' personal information was copied from its email system or used inappropriately. However, it is notifying the public because protected health information was accessible to an unauthorized person or persons."