According to the report, two employee emails were targeted during an email phishing cyberattack discovered April 6.
After confirming the data was compromised, the ASC secured computer systems, reset passwords and conducted an investigation with a third party. The investigation showed that the unauthorized party had access to the emails from February 14 to May 10, a month after the breach was discovered. The source of the breach was not identified until September.
Patient names, Social Security numbers, driver’s license numbers, health benefit enrollment information, health insurance information, medical history, patient account numbers and dates of service were compromised. The ASC notified patients of the breach Oct. 31.
