Vancouver-based Southwest Washington Regional Surgery Center informed 2,393 patients Nov. 6 about an email phishing attack that compromised their protected health information.
Here's what you should know:
1. The phishing attack affected one employee's email inbox between May 27 and Aug. 13, according to a notice on the center's website.
2. The affected email account contained some protected health information, including patients' names, Social Security numbers, driver's license numbers and/or medical information. Some patients' credit card numbers were also stored in the account.
3. SWRSC discovered the breach Sept. 25 after launching an investigation and reviewing the employee's emails, and the Oregon Attorney General's Office was notified.
4. The incident doesn't affect all SWRSC patients. The center doesn't have evidence any of the information was misused.
5. To minimize the risk of a similar incident, SWRSC has updated passwords and enhanced email access protocols. It is offering a free credit monitoring and identity theft restoration services to patients whose Social Security numbers and/or driver's licenses were compromised.
A representative of SWRSC could not be reached for comment at the time of publication.