"Washington Health District Suffers Another Data Breach"

A Health District in the State of Washington has made its second data breach announcement of 2022.  Both data breaches at the Spokane Regional Health District (SRHD) occurred when employees fell victim to phishing attacks.  The district confirmed that on January 24, personal data might have been compromised when an unauthorized individual compromised an employee's email account on December 21, 2021.  An internal investigation concluded that while no documents appeared to have been opened, accessed, or downloaded, the attacker may have 'previewed' clients' protected health information (PHI).  The potential disclosure may have affected 1,058 individuals and involved data including names, dates of birth, case numbers, counselor's names, test results and dates of urinalysis, medication received and date of last dose.  After the incident, SRHD's deputy administrative officer stated that the district had secured the email account and reinforced cybersecurity training with staff that contains the use of multi-factor authentication and performing additional testing on the system.  Despite these efforts, SRHD recently reported a second data breach caused by the opening of a phishing email by a district employee on February 24.  This latest breach may have exposed the information of 1,260 individuals from two unidentified departments in the district.  The information which may have been involved in the second breach includes names, dates of birth, phone numbers, medications, medical conditions, and test results. 

Infosecurity reports: "Washington Health District Suffers Another Data Breach"