Phishing Incident Compromises Columbus Community Hospital Patient PHI

A phishing attack at a business associate of Columbus Community Hospital in Columbus, Wisconsin, has compromised the PHI of an unknown number of patients. 

Columbus Community Hospital was notified of the breach on April 8, 2019, by OS, Inc., a claims management service provider and business associate (BA) to the hospital. According to the BA, the unauthorised individual gained access to the email account of one of its employees through a successful phishing attack. The hacker may have viewed patient information during the period in which they had access to the account.

The information in the compromised account includes names, hospital account numbers, insurer names, summaries of charges, and categories of service. A limited number of patients also had their insurance ID number and Social Security number exposed.

Although investigators did not find evidence suggesting that any unauthorised individuals had accessed, downloaded, or altered the PHI, they could not rule out the possibility. Therefore, out of an abundance of caution, Columbus Community Hospital is notifying patients of the breach, as per HIPAA’s Breach Notification Rule.

OS Inc. provides claims management services to several hospitals, but it is yet unknown whether the breach was limited to Columbus Community Hospital or if patients of other hospitals have also been affected.

The breach has yet to appear on the HHS’ Office for Civil Rights website, so it is unknown how many individuals have been affected.

In a statement, Columbus Community Hospital CEO John Russell said: “The hospital takes the privacy and security of its patient information very seriously, and ensures that its business associates do as well. We will continue to ensure that OS does all that it can do to work with our patients whose personal information may have been compromised and help them work through the process. We regret that this incident has occurred, and we are committed to work with our business partners to prevent future such occurrences. We appreciate our patients’ support during this time.”