Skip to main content

Presbyterian Healthcare Services Reports Data Security Breach

Analysis  |  By Jack O'Brien  
   August 28, 2019

Earlier this month, the New Mexico-based system acknowledged that a May "data security incident" affected 183,000 patients.

Presbyterian Healthcare Services (PHS) issued a statement on its website acknowledging a data security incident from early May that affected more than 180,000 patients.

The Albuquerque-based system stated on June 6 that it discovered "anonymous, unauthorized access" was gained through a phishing scam targeting employees around May 9.

PHS added that by accessing the emails, the dates of birth, Social Security numbers, and clinical or health plan information for patients was exposed, which prompted the organization to begin a review process of the impacted emails and contact law enforcement.

Related: What One Hospital Learned From a Ransomware Attack

According to Albuquerque Journal, PHS began mailing letters to members and patients affected by the breach on August 2. The system estimated the incident had an affect on 183,000 patients, or just over one-fifth of its estimated membership. 

PHS offered its apologies in a statement but assured members that the electronic health records and billing system were not affected by the breach.

"We take the responsibility of safeguarding your information very seriously," the PHS statement read. "To help prevent this incident from happening again, Presbyterian is taking several steps and implementing additional security measures to further protect our email system. In addition, all workforce members annually must successfully complete mandatory training about the importance and requirement to safeguard all information."

Related: Cybersecurity is Top Issue for Hospital IT Professionals, Creating New Workforce Dynamics

Data breaches and maintaining system information security continues to be a major concern for provider executives, especially the wake of other major data incidents this year.

Just this week, Massachusetts General Hospital notified nearly 10,000 people that an unauthorized third-party entity accessed their personal information. This breach was first discovered in late June. 

During the fall of 2018, two southern health systems were also hit by major data breaches.

Related: Health Insurers Make It Easy for Scammers to Steal Millions. Who Pays? You.

In September, Atrium Health was notified by its billing services contractor that hackers broke into their database and exposed approximately 2.65 million billing records. While publicly discussing the breach in November, an Atrium spokesperson said that the provider's core systems were not involved in the hack.

In November, the finance director at Hamilton Health Care System in Georgia was persuaded to wire $1.2 million to a fraudster posing as a construction company working for the organization. 

Jack O'Brien is the Content Team Lead and Finance Editor at HealthLeaders, an HCPro brand.

Get the latest on healthcare leadership in your inbox.