Cyber Incident Victim: The Oregon Clinic
Date:
Mar 2018
Location:
United States of America
Summary
An unauthorized third party accessed an employee email account at The Oregon Clinic, prompting immediate account deactivation and an investigation with cybersecurity experts. The breach was confined to a single email account, with no broader system compromise. Protected health information potentially exposed included patient names, dates of birth, medical record numbers, diagnoses, test results, prescription details, and insurance information, while Social Security numbers were compromised for a limited subset. The organization notified affected individuals, provided protective guidance, and implemented measures to prevent recurrence, emphasizing collaboration with forensic specialists throughout the response.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 9, 2018, The Oregon Clinic discovered unauthorized third-party access to a single employee email account within its information systems. The organization promptly disabled the compromised account to terminate further access and initiated an investigation with the assistance of cybersecurity specialists, including a digital forensics firm. The investigation confirmed the breach was isolated to the targeted email account, with no evidence of compromise to other components of The Oregon Clinic's network or electronic health record systems. During the initial response phase, the clinic focused on securing the account and assessing potential vulnerabilities that enabled the intrusion, though specific technical details of the attack vector were not publicly disclosed.
The forensic investigation concluded on April 19, 2018, revealing that protected health information (PHI) within the email account may have been accessed or exfiltrated. Affected data included patient names, dates of birth, medical record numbers, diagnosis details, medical conditions, diagnostic test information, prescription records, and health insurance details. A limited subset of patients also had Social Security numbers exposed. The Oregon Clinic began notifying impacted individuals on April 19, establishing a dedicated toll-free number (833-219-9088) and informational webpage (oregonclinic.com/dataincident) to facilitate enrollment in protective services and provide incident details. Patients were advised to monitor their credit reports and follow recommended identity protection measures outlined in notification letters. CEO Scot Gudger publicly affirmed the clinic's commitment to patient data security, citing collaboration with cybersecurity experts to remediate the incident and implement preventive measures against future breaches. The incident affected one of Oregon's largest specialty medical practices, which serves approximately 485,000 patients annually across 59 locations in the Pacific Northwest.