Verity Health System, a six medical clinic operation in Redwood City, California, has informed an undisclosed number of people that their information may have been accessed due to phishing. Through these phishing attempts, attackers were able to obtain three employee emails that had messages and attachments contained within them. Other emails included patient names, treatment methods, medical conditions, insurance policy numbers, and billing codes.

The attachments that were included had information such as subscriber numbers, dates of birth, patient identification numbers, addresses, and phone numbers. There were a limited amount of social security numbers and driver’s license numbers included as well.

Access to the email accounts have now been disabled and the services were also removed from the network. Any unauthorized emails that may have been sent from the accounts were also deleted. Law enforcement has been made aware and employees are now required to take a mandatory training module.

To see threat analysts notes and recommendations, sign up for Threat Watch by Binary Defense to receive daily threat intel.