Thousands of patients' data stolen after Children's Mercy employees fall for scam


Platinum Member
Sep 30, 2011
Personal data from more than 60,000 individuals may have been compromised as part of an email phishing scam that targeted Children’s Mercy Hospital employees.

The emails sent to employees gave the appearance they were from a trusted source and often contained links to a phony login page on a fake website, the hospital said. That gave hackers access to the employee accounts if they entered their usernames and passwords.

The compromised data may have included patient names and information, medical record numbers, dates of hospital stays and procedures, diagnoses and conditions and other clinical information, according to a letter sent from Children's Mercy to those affected.

While the hospital posted a notification about the incident on its website in January, families in the area are still getting notices that their information may have been compromised.

When Devin Wilson of Lenexa received a letter from Children's Mercy in the mail earlier this week, he thought it was a bill.

"We do quite a bit of business with Children's Mercy — we've got two kids," Wilson said.

"As parents, our information has been compromised before, things like email passwords or store credit cards once in awhile. But to have our kids' information, potentially health and medical records and other personal information breached is really frustrating. ... Hopefully, just a small thing. Hopefully it's not tens of thousands of patients."

Children's Mercy spokeswoman Lisa Augustine said in an email to The Star: "The hospital identified 63,049 individuals that were potentially affected, which includes a subset of patients. The information involved varied.

"Because the email accounts had a large amount of data that had to be evaluated, we have notified individuals in groups as we progressed through the process. The hospital has taken and continues to take steps to protect against any further incidents. These steps have included the implementation of the additional technical control of multi-factor authentication."
Thousands of patients' data stolen after Children's Mercy employees fall for scam

That is a nightmare.

Forum List
