Alerts:  Nov. 12, 2024: Pertussis (whooping cough) outbreak confirmed in Spokane County. SRHD urges parents and pregnant people to vaccinate. Read the press release.

SRHD News

Notice of Release of Personal Information Due to Unauthorized Breach

Notice of Release of Personal Information Due to Unauthorized Breach

Jan 24, 2022

Kelli Hawkins, SRHD | khawkins@srhd.org | 509.324.1539, c 509.994.8968


SRHD Apologizes and Commits to Corrective Actions

Spokane, Wash. - This past week, Spokane Regional Health District (SRHD) confirmed personal data may have been disclosed after the discovery of an unauthorized breach of personal health information via a phishing email, occurring on Dec. 21, 2021.

SRHD Information Technology (IT) staff were immediately alerted to the possible phishing attempt. An internal investigation which concluded this past week, discovered files containing client protected health information may have been “previewed” by the data thief. The investigation did not find any documents had been opened, accessed, or downloaded.

The potential disclosure affects 1,058 individuals and includes:

  • First and last name
  • Date of birth
  • Case number
  • Counselor’s name
  • Results and dates of urinalysis
  • Medication received and date of last dose
  • Action taken, if any

According to Lola Phillips, SRHD deputy administrative officer, SRHD has implemented appropriate corrective actions to mitigate unauthorized disclosure of information in the future by immediately stopping the current breach and ensuring a future connection cannot be made, reinforcing current cyber security training with staff that contains the use of multifactor authentication, and performing additional testing on the system.

“We are very sorry we were unable to prevent access to our system. In this instance, staff fell prey to a phishing scam which exposed confidential information to data thieves and caused undue stress on our clients,” Phillips said. “We have a strong commitment to safeguard your personal information, and we are working diligently to ensure that it does not happen again.”

Notification was provided to those whose information was included in the potential disclosure. No Social Security numbers or financial information were noted on any of the documents, however those affected are encouraged to monitor their bank accounts and report any suspicious activity immediately. In addition, Explanation of Benefits (EOB) from the insurance companies should be monitored for possible ID theft activities.

“We are committed to protecting the information of our clients and sincerely apologize for this incident,” Phillips said.

Additional questions or requests for information can be requested through SRHD’s Privacy Officer:

  • (509) 324-1439 (Toll free: 800-854-9173)
  • prhoades@srhd.org
  • Mail to: Spokane Regional Health District
    Attn. Privacy Officer
    1101 W. College Ave.
    Spokane, WA 99201