Health Quest announced that it’s begun notifying patients whose information might have been exposed in a phishing incident.
According to its website notice, Health Quest first learned of the incident in July 2018 when several employees fell for a phishing attack and thereby inadvertently disclosed their email account credentials to an unauthorized party.
The Hudson Valley-based group of nonprofit hospitals and healthcare providers responded by securing the compromised email accounts and retaining a digital security firm to assist with an investigation into what happened. It also sent some notification letters in May 2019.
However, further investigation revealed that some emails and attachments in the then-compromised email accounts might have contained the information of current and former patients as well as employees. That information varied by individual but might have included victims’ names, dates of birth, Social Security Numbers, driver’s license numbers, health insurance details and payment card data.