Over 67,000 patients impacted in Charleston Area Medical Centre email breach

West Virginia-based healthcare provider Charleston Area Medical Centre said that the data security incident it suffered last year compromised the sensitive personal information of almost 70,000 individuals.

 

Headquartered in Charleston, West Virginia, CAMC operates multiple hospitals and outpatient facilities for patients across the state.

 

In a data security incident notice posted on its website, CAMC said that on October 2, it discovered that a small number of email users were the subject of a phishing attack. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the scope of the incident.

 

It also took steps to terminate any unauthorised access to CAMC’s email system and notified relevant law enforcement authorities about the incident.

 

“Our investigation ultimately concluded that an unauthorised party gained access to a single CAMC user’s email mailbox between October 2, 2024 and October 3, 2024. No other CAMC systems or data storage were impacted by this incident,” reads the notice.

 

The compromised data included names, dates of birth, e-mail addresses, phone numbers, Social Security numbers, driver’s license numbers, health information, and health insurance information.

 

CAMC reported the incident to the U.S. Department of Health and Human Services Office for Civil Rights, stating that it has identified at least 67,413 individuals who were impacted by the incident.

 

“We have taken technical security measures designed to prevent the occurrence of a similar event in the future. We also routinely train our employees on data privacy and cybersecurity issues, and will be conducting additional training related to this incident,” the healthcare provider added.

 

Furthermore, CAMC said it found no evidence of the compromise data being misused, however, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.