Notice of Phishing Incident from CSI Laboratories

ALPHARETTA, Ga.--()--On July 8, 2022, Cytometry Specialists, Inc. d/b/a CSI Laboratories (“CSI”), learned that it had been the victim of a phishing attack after a single employee’s individual mailbox was compromised.

Upon learning of the incident, CSI immediately took steps to isolate and secure its systems and investigate the incident. CSI believes the access to a single employee mailbox occurred not to access patient information, but rather as part of an effort to commit financial fraud and redirect customer health care provider payments from CSI to the malicious actor. As part of the investigation, on July 15, 2022, CSI determined that an unauthorized intruder acquired certain files from the affected employee mailbox, including documents that may have contained patient information. Since that time, CSI has been analyzing impacted files to understand what information may have been accessed or acquired by the malicious actor.

The impacted files were all related to invoices sent to CSI health care provider customers. The information in files differed from invoice to invoice, but generally, the files contained patient name and patient number (a unique number assigned to samples). Some impacted files contained more patient information, including date of birth and health insurance information. None of the files contained patient financial account information. Importantly, there was no impact on CSI’s network or information systems, as this intrusion was limited to a single CSI email inbox. At this time, CSI has no facts suggesting that any of the patient information has been used and in most cases, it will be very difficult, if not impossible, for anyone to further use the patient information that was accessed.

CSI engaged a well-known forensic investigation firm to identify the scope of the incident and took steps to further secure its email systems and increase employee awareness and training with respect to phishing attacks. The incident has been reported to law enforcement. CSI continues to closely monitor its network and information systems for unusual activity.

Individuals can call CSI Client Services at 1-800-459-1185 for assistance with questions related to this incident. Representatives are available Monday through Friday from 9 am – 5 pm Eastern Time.

About CSI Laboratories

CSI was founded in 1997 to provide a more client- and patient-focused model of cancer diagnostic testing for pathologists, community hospitals, and their patients. CSI offers flow cytometry, cytogenetic analysis, fluorescence in-situ hybridization (FISH), immunohistochemistry, molecular genetics, next generation sequencing, and consultations to hematopathology and surgical pathology clients. It is operated by medical professionals, providing expert diagnostic testing and rapid turnaround times for clients across the United States. CSI is a CLIA-certified and CAP-accredited cancer reference laboratory located in Alpharetta, GA.

Contacts

Nancy Sterling, APR Fellow, PRSA
ML Strategies
617.348.1811
njsterling@mlstrategies.com

Release Summary

CSI Laboratories issues notice of phishing attack after a single employee's individual mailbox was compromised.

Contacts

Nancy Sterling, APR Fellow, PRSA
ML Strategies
617.348.1811
njsterling@mlstrategies.com