SPOKANE, Wash. — The Spokane Regional Health District (SRHD) reported that they have encountered a data breach of personal health information from a phishing email.
According to SRHD, the breach occurred on Feb. 24, 2022. This is not the first time SRHD has reported a data breach, as the department experienced a similar situation earlier this year.
An internal investigation discovered files containing client protected health information may have been "previewed" by the data thief. The investigation did not find any documents had been opened, accessed or downloaded.
This disclosure affects 1,260 individuals from two departments. The first group, totaling 1,060, may have had the following data viewed:
- First and last names, initials
- Date of birth
- Date in emergency department
- Source of referral
- Provider
- Hospital name
- Diagnosing state
- Whether or not patient was located
- Date located
- Patient risk level
- Staging level
- How medication is being picked up
- Type of test
- Test results
- Treatment
- Medication and reason prescribed
- Meets criteria for expedited partner therapy
- Delivery date (baby)
- Treatment provided (baby)
- Titer (diagnostic)
- Medical referrals
- Client notes
The second group affects 200 people. Data viewed includes:
- First and last names, initials
- Date of birth
- Phone number
- Shelter location
- Test date
- Notes
According to SRHD Deputy Administrative Officer Lola Phillips, the department has responded to mitigate unauthorized disclosure of information in the future by stopping the current breach, ensuring future connections cannot be made, reinforcing current cyber security training with staff that contains the use of multi-factor authentication and performing additional testing on related systems.
“Much like the rest of the state of Washington, SRHD has experienced a record-level spike in phishing emails and malware installation attempts. In this instance, staff fell prey to a phishing scam which exposed confidential information to data thieves,” Phillips said. “We have a strong commitment to safeguard your personal information, and we are working diligently to reduce the likelihood of future events.”
The people whose information was included in the data breach were notified, according to SRHD.