Saltzer Health, a healthcare institution owned by Intermountain Healthcare, advises all its patients that their personal information might have been compromised and exposed after a cyberattack conducted by unauthorised entities obtained access to the institution after stealing an employee’s email account.
The healthcare institution operates 12 clinics and urgent healthcare facilities in different cities in the US, located in major cities of Idaho, such as Nampa, Boise, Caldwell, and Meridian.
Based on the reports, the threat actors had access to a healthcare employee’s email accounts from May 25 to June 1 of last year. The investigation of the cyberattack incident showed that the email account did not contain any sensitive information that was compromised during the data breach.
The cyberattack might have compromised several confidential data stored in Saltzer Health.
However, the researchers believe that the potentially impacted sensitive information from the cyber-attack includes names, contact information, state identification numbers, and driver’s license numbers. Additionally, the threat actors might have compromised sensitive information such as social security numbers and financial account details during the data breach incident.
But the most devastating impact of the breach is the exposure of the patients’ medical information, which can be sold or used by the actors on further attacks. The impacted medical details affected by the data breach include medical history, prescription information, diagnosis, treatment details, health insurance details, and attending physician information.
Although Saltzer Health’s advisory does not give details on the number of impacted persons, the organisation told the US Human Services and Department of Health that approximately 15,000 people were potentially affected by the cyberattack incident.
The organisation said they employed several preventive measures to lessen the risk of data compromise within their system, including resetting the affected email accounts and passwords and monitoring its environment for any unwanted and malicious occurrence.
Furthermore, Saltzer Health recently announced that they had received numerous reports of identity theft or fraud attempts after the data exposure event.
The healthcare organisation said that individuals should stay vigilant against fraud and identity theft incidents by reviewing their explanations of benefits, account statements, and monitoring credit reports for unsolicited activities.
