The Metro Community Provider Network, which operates 11 health centers in Colorado, said a hacker may have accessed personal health information for about 2,000 patients in December.
Colo. provider reports possible breach
The Englewood, Colo.-based organization said in a Feb. 1 statement on its website that it became aware of the breach on Dec. 5, the day the breach occurred, and has started to notify affected individuals.
The breach occurred when a Metro Community Provider Network employee provided log-in information in response to an e-mail phishing scam. The hacker then gained access to the names, phone numbers, dates of birth, diagnoses and internal account numbers of approximately 2,000 patients.
"Metro Community Provider Network sincerely apologizes for the inconvenience and concern this incident causes," the organization said in the statement on its website. "Information privacy is very important to us and we will continue to do everything that we can to correct this situation and fortify our operational protections for all of our valued customers."
The organization said it has started an investigation and required affected employees to change their passwords and review all e-mails in their accounts.
It also plans to provide annual training to staff about personal health information, schedule education for computer users about phishing threats, and develop policies and procedures to provide sanctions against employees who act "in a manner that poses a risk of breach of information," the Metro Community Provider Network said.
Send us a letter
Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.