More than 500 Summa Health patients’ information at risk after possible data breach
AKRON, Ohio – More than 500 patient medical records and other personal information are at-risk as a result of an email phishing incident that targeted Summa Health employees.
The Akron-based health system announced Friday it is sending letters to patients whose information may have been accessed by an “unauthorized person” who gained control of employee email accounts.
On May 1, Summa Health learned that an outside party gained access to a “limited number” of employee email accounts. Phishing refers to emails that look legitimate and ask people to click on links or input personal information, which can compromise security.
Two employee email accounts were accessed in August 2018, and two others were accessed between March 11 and March 29, the health system said.
After securing the accounts, Summa Health hired a computer forensic firm and began an investigation. The investigation was not able to determine whether the unauthorized person actually viewed any emails or attachments.
The emails and attachments contained patient names, dates of birth, medical records, patient account numbers, clinical and treatment information for more than 500 patients, Summa Health spokesman Jim Gosky told cleveland.com. Not all Summa patients are affected.
For a “small subset of patients,” the accounts also contained health insurance information, Social Security numbers and driver’s license numbers.
When asked why the health system, which learned about the breach on May 1, did not alert patients until the end of June, Gosky said, “As soon as we learned of the unauthorized access, we worked diligently to investigate the incident. This process was time and labor-intensive and we wanted to be certain about who may have been impacted and what information was involved.”
Summa Health recommends patients review statements from their healthcare providers and health insurers.
“If they see services that the patient did not receive, they should contact the provider or insurer immediately. For eligible patients whose Social Security number or driver’s license number was found in the email accounts, Summa Health is offering complimentary credit monitoring and identity protection services," the health system said.
Anyone with questions can call 1-855-657-2227, Monday through Friday, between 8 a.m. and 5 p.m.
“To help prevent something like this from happening in the future, Summa Health is reinforcing employee training on privacy and security and is instituting additional security measures throughout the health system,” Summa said.
Want more Akron news? Sign up for cleveland.com’s Rubber City Daily, an email newsletter delivered at 5:30 a.m. Monday through Friday.
Gloss