Cyber Incident Victim: Doctors Community Medical Center
Date: Nov 2019
Location: United States of America
Summary
Doctors Community Medical Center experienced a phishing incident where attackers gained unauthorized access to employee email accounts over several months, compromising sensitive patient information. The investigation revealed exposed data included demographic details, Social Security numbers, financial and medical treatment information, insurance data, and government identifiers. While no evidence confirmed actual misuse of the emails, the organization proactively notified affected individuals and offered complimentary credit monitoring and identity restoration services as a precautionary measure.
Description
Doctors Community Medical Center in Maryland detected unusual network activity within its payroll system in January 2020, prompting an investigation into potential security issues. The inquiry revealed that multiple employees had fallen victim to a phishing attack, enabling unauthorized actors to access employee email accounts over an extended period from November 6, 2019, through January 30, 2020. During this 11-week timeframe, attackers maintained persistent access to compromised email accounts. The medical center's forensic analysis confirmed that some accessed email accounts contained attached data sheets housing patient demographic and clinical information. While investigators found no definitive evidence that attackers actually viewed or exfiltrated emails containing protected health information, the confirmed access to accounts storing sensitive data triggered regulatory notification requirements.

The compromised email accounts contained varied combinations of patient information including full names, physical addresses, dates of birth, Social Security Numbers, driver's license details, military identification numbers, financial account information, treatment diagnoses, prescription records, provider names, medical record numbers, government program identifiers (Medicare/Medicaid), health insurance details, treatment cost breakdowns, and system access credentials. On April 13, 2020, the medical center began notifying an undisclosed number of affected patients, explicitly stating the disclosure was made "out of an abundance of caution" rather than confirmation of actual data misuse. As a remedial measure, the organization offered complimentary credit monitoring and identity restoration services to impacted individuals. The incident investigation focused specifically on email account compromises rather than broader network or electronic health record system infiltration. As of the last reported update, the breach had not yet appeared in the U.S. Department of Health and Human Services' public breach portal, suggesting ongoing regulatory review or delayed reporting processes at the time of public disclosure.
