DUARTE, Calif.--(BUSINESS WIRE)--City of Hope announced today that it is in the process of notifying affected patients of a breach after four staff member email accounts were temporarily accessed following an email phishing incident. At this time, there is no indication that the breach has resulted in any actual acquisition of patient medical information.
The phishing emails were received by City of Hope staff members on May 31, 2017, and June 2, 2017, and limited access to the four email accounts occurred on May 31, June 3 and June 5. It does not appear that the phishing incident targeted patient medical information; instead, it appears the accounts were accessed for the purpose of sending spam emails to other individuals.
Upon recognizing the intrusion, City of Hope took prompt action to secure the affected email accounts to contain the impact and prevent further threats from the intruder. In addition to notifying local law enforcement, City of Hope retained a leading forensic information technology firm to assist with its investigation of the incident.
As part of City of Hope’s investigation of this incident and with assistance of the forensic technology firm, on July 21, 2017, it was determined that three of the affected email accounts included protected health information. This information included patient names, medical record numbers, dates of births, addresses, email addresses, telephone numbers and some clinical information such as diagnoses, tests results and dates of service. With the exception of information relating to one patient, the information in the email accounts did not contain any Social Security numbers. The emails did not contain any credit card information or financial information.
City of Hope maintains a number of technical safeguards designed to protect against phishing incidents and to detect intrusions. City of Hope also requires mandatory cybersecurity training of all workforce members. As a part of the investigation of this incident, City of Hope is evaluating its systems and processes to further strengthen its safeguards to protect against such incidents.
City of Hope has notified the Department of Health and Human Services, Office for Civil Rights and state agencies of this incident as required by law.
City of Hope takes great care to protect patient privacy and regrets any concern or inconvenience this incident may have caused affected patients. City of Hope has set up a toll-free hotline, 855-205-6937, to answer any questions.
About City of Hope
City of Hope is an independent research and treatment center for cancer, diabetes and other life-threatening diseases. Designated as one of only 48 comprehensive cancer centers, the highest recognition bestowed by the National Cancer Institute, City of Hope is also a founding member of the National Comprehensive Cancer Network, with research and treatment protocols that advance care throughout the world. City of Hope is located in Duarte, California, just northeast of Los Angeles, with community clinics throughout Southern California. It is ranked as one of "America's Best Hospitals" in cancer by U.S. News & World Report. Founded in 1913, City of Hope is a pioneer in the fields of bone marrow transplantation, diabetes and numerous breakthrough cancer drugs based on technology developed at the institution. For more information about City of Hope, follow us on Facebook, Twitter, YouTube or Instagram.