Breaking News
More () »

Names, birthdates, social security numbers part of health care cyber attack

The hack stemmed from an employee mistakenly opening an email that turned out to be a phishing scam, according to the Catawba Valley Medical Center.

HICKORY, N.C. — A recent cyber attack at Catawba Valley Medical Center in Hickory impacted 20,000 patients, according to records from the U.S. Department of Health and Human Services.  

Hospital officials said patient names, birthdates, social security numbers, and health information were compromised. 

A spokesman for Catawba Valley Medical Center said they’ve sent letters to all the patients affected. Now the hospital is taking action to prevent it from happening again.

The cyber attack happened after an employee mistakenly opened the wrong email, which turned out to be a phishing scam, according to the Catawba Valley Medical Center.

Cybersecurity experts said a breach can happen whenever someone clicks on a bad link or uses a weak password.

“That’s where the responsibility lies on your shoulders to make sure you've done everything you can to be as secure as possible,” a cybersecurity expert said.

Catawba Valley Medical Center said three employee email accounts were hacked between July and August of 2018. The incident was reported to the U.S. Health and Human Services Department in October, according to the department’s website. 

“Your personal information, your financial information is the new currency,” a CMPD sergeant previously told NBC Charlotte.

RELATED: Atrium Health: Hackers accessed personal data of over 2 million people

This was the second major breach at a local hospital in the past few months.

In November, NBC Charlotte reported about more than 2.5 million Atrium Health patients were affected after the company's billing provider was hacked.

Catawba Valley Medical Center said there’s no indication the emails have been misused at this point. 

However, the hospital has taken several steps to improve cybersecurity in the future, including hiring security experts to train employees, tighter email controls, and upgraded software and hardware to combat malicious threats.

The hospital also said it’s providing one-year complimentary credit monitoring and identity protection services for anyone whose social security numbers may have been compromised.

The Better Business Bureau said if you’re concerned, contact one of the three credit reporting agencies: Equifax, TransUnion, and Experian. 

Another option is to freeze your credit to lock out scammers. However, just keep in mind, it can be a hassle to unfreeze if you’re applying for credit.

Before You Leave, Check This Out