Notice of Release of Personal Information Due to Unauthorized Breach
Media Contact: Kelli Hawkins | khawkins@srhd.org | (509) 324-1539, c (509) 994-8968
SRHD Apologizes and Commits to Corrective Actions
Spokane, Wash. - This past week, Spokane Regional Health District (SRHD) confirmed personal data may have been disclosed after the discovery of an unauthorized breach of personal health information via a phishing email, occurring on February 24, 2022. SRHD Information Technology (IT) staff were alerted to a possible phishing attempt. An internal investigation which concluded this past week, discovered files containing client protected health information may have been “previewed” by the data thief. The investigation did not find any documents had been opened, accessed, or downloaded.
| The potential disclosure affects 1,260 individuals from two departments. The first group of individuals, totaling 1,060 people, may have had the following data viewed: | |
|---|---|
| First and last names, initials Date of birth Date in emergency department Source of referral Provider Hospital name Diagnosing state Whether or not patient was located Date located Patient risk level Staging level How medication is being picked up | Type of test Test results Treatment Medication and reason prescribed Meets criteria for expedited partner therapy Delivery date (baby) Treatment provided (baby) Titer (diagnostic) Medical referrals Client notes |
| The second group affects 200 people and data viewed includes: | |
| First and last names, initials Date of birth Phone number Shelter location Test date Notes | |
According to Lola Phillips, SRHD Deputy Administrative Officer, SRHD has implemented appropriate corrective actions to mitigate unauthorized disclosure of information in the future by stopping the current breach, ensuring future connections cannot be made, reinforcing current cyber security training with staff that contains the use of multifactor authentication, and performing additional testing on related systems.
“Much like the rest of the state of Washington, SRHD has experienced a record-level spike in phishing emails and malware installation attempts. In this instance, staff fell prey to a phishing scam which exposed confidential information to data thieves,” Phillips said. “We have a strong commitment to safeguard your personal information, and we are working diligently to reduce the likelihood of future events.”
Notification was provided to those whose information was included in the potential disclosure. No Social Security numbers or financial information were noted on any of the documents, however those affected are encouraged to monitor their bank accounts and report any suspicious activity immediately. In addition, the Explanation of Benefits (EOB) from the insurance companies should be monitored for possible ID theft activities.
“We are committed to protecting the information of our clients and sincerely apologize for this incident,” Phillips said.
Additional questions or requests for information can be requested through SRHD’s Privacy Officer:
- (509) 324-1439 (Toll free: 800-854-9173)
- jmontiel@srhd.org
- Mail to: Spokane Regional Health District
Attn. Privacy Officer
1101 W. College Ave.
Spokane, WA 99201