Doctors Community Medical middle in Maryland is notifying an unreported number of patients whose protected health information was potentially compromised by a phishing incident. in January, the center noticed unusual network action in its payroll system. Their investigation revealed that a number of employees had fallen for a phishing attempt and that the attacker(s) had access to employee email accounts between november 6, 2019 and january 30. in their notification, they explain: as part of the investigation, officials determined that some of the email accounts contained data sheets with patient demographic information. while not the same for all impacted patients, the patient information contained in the emails included: name, address, date of birth, Social Security Number, driver’s license, military recognition number, financial account information, handling information/diagnosis, prescription information, provider name, medical record number/patient ID, Medicare/Medicaid number, health insurance information, handling cost information, and access credentials. Although the center claims it has no evidence that any email was actually accessed, they are notifying patients out of the proverbial “abundance of caution,” and As an added precaution, we are also offering complimentary citation monitoring and identity restitution services to those affected. You can show their full notification on their website. The incident is not yet posted to HHS’s public breach tool.