"Cancer Testing, Diagnostics Lab Suffers Phishing Attack, 244K Impacted"

Cytometry Specialists, also known as CSI Laboratories, revealed a phishing attack that affected 244,850 people. On July 8, CSI discovered a compromised employee email account. CSI stated that after discovering the incident, it took steps to isolate the email account and investigate the attack. CSI believes the access to that single employee mailbox occurred as part of an effort to commit financial fraud on other entities by redirecting CSI customer healthcare provider payments to an account posing as CSI using a fictitious email address. Because the invoices were not directly billed to patients, CSI believes the malicious actor was attempting to divert invoice payments. On July 15, CSI discovered that an unauthorized party had obtained specific files, including those containing patient information. The files were all related to invoices sent to customers of CSI healthcare providers. Although the information varied depending on the invoice, the files all contained some combination of patient names, sample numbers, birth dates, and health insurance information. This article continues to discuss the phishing attack faced by CSI Laboratories as well as other recent data breaches experienced by Tessie Cleveland Community Services Corp. and Columbia River Mental Health Services (CRMHS). 

HealthITSecurity reports "Cancer Testing, Diagnostics Lab Suffers Phishing Attack, 244K Impacted"