Cancer Testing, Diagnostics Lab Suffers Phishing Attack, 244K Impacted

October 10, 2022 - Cytometry Specialists, known as CSI Laboratories, disclosed a phishing attack that impacted 244,850 individuals. On July 8, CSI discovered that an employee email account had been compromised.

After discovering the incident, CSI said it took steps to isolate the email account and investigate the attack.

“We believe the access to a single employee mailbox occurred not to access patient information, but rather as part of an effort to commit financial fraud on other entities by redirecting CSI customer health care provider payments to an account posing as CSI using a fictitious email address,” CSI stated in a notice to patients.

“The invoices were not directly billed to patients. Thus, we believe that the malicious actor was seeking to divert invoice payments.”

On July 15, CSI determined that the unauthorized party managed to acquire certain files, including those containing patient information. The files were all related to invoices sent to CSI healthcare provider customers.

Although the information differed by invoice, the files contained some combination of patient names, sample numbers, birth dates, and health insurance information.

“At this time, we have no facts suggesting that any of the patient information has been used and, in most cases, it will be very difficult, if not impossible, for anyone to further use the patient information that was accessed,” CSI stated.

“Accordingly, we do not believe that you need to take any steps at this time to protect your information.”

CA Mental Health Clinic Experiences Breach

Tessie Cleveland Community Services Corp., a mental health clinic based in California, disclosed a breach to 9,747 individuals.

An unknown individual accessed information contained in some employee email accounts between June 17 and June 30. Tessie discovered the breach on June 30.

“Based on our investigation, this incident was likely an attempt to commit business fraud against Tessie. We don’t believe the intent was to take a particular person’s information,” the organization stated.

“However, in an abundance of caution, we reviewed the contents of the email accounts and identified client information, including names, demographic information, health insurance identification numbers, limited information regarding care at Tessie, and in some instances, Social Security numbers.”

Tessie Cleveland Community Services Corp. said it was working on further securing its email and network environment.

Columbia River Mental Health Services Suffers Email Security Incident

Vancouver, Washington-based Columbia River Mental Health Services (CRMHS) suffered a nearly year-long breach from May 2021 to April 2022, the organization said.

CRMHS “determined that there was unauthorized access” to certain email accounts, but said it could not confirm whether information relating to specific individuals was actually accessed.

The information in the email accounts included names, addresses, Social Security numbers, medical information, usernames and passwords, dates of birth, driver’s license numbers, and financial account information.

CRMHS is mailing notification letters to impacted individuals.