Cyber Incident Victim: Charleston Area Medical Center
Date: Jan 2022
Location: United States of America
Summary
Charleston Area Medical Center experienced a phishing attack in which unauthorized actors compromised employee email accounts to collect login credentials, exposing protected health information of approximately 54,000 individuals. The breach involved patient names, medical record numbers, test results, and treatment details; Social Security numbers were potentially accessed for a minimal fraction of affected individuals. The organization secured the impacted accounts promptly after detecting the malicious activity, which was aimed at credential harvesting rather than direct exploitation of personal data.
Description
On January 10 and 11, 2022, unauthorized actors gained access to several employee email accounts at Charleston Area Medical Center (CAMC) through a phishing attack. The attackers primarily sought to collect employee login credentials rather than target specific patient information. Despite this objective, the compromised email accounts contained protected health information (PHI) belonging to approximately 54,000 individuals. Exposed data included patient names, medical record numbers, test results, and treatment-related information. A very small subset—representing 0.001% of affected individuals—also had their Social Security numbers exposed. CAMC did not specify whether the compromised email accounts were clinical, administrative, or both, nor did they disclose the exact number of accounts breached. The incident was detected through unspecified means, prompting immediate action to secure the affected accounts.

Following the discovery of malicious activity, CAMC secured the compromised email accounts to prevent further unauthorized access. The organization conducted an investigation to determine the scope of the breach and identify affected individuals. Notification letters were subsequently sent to all 54,000 impacted patients, detailing the types of exposed information and offering guidance on protective measures. CAMC did not publicly disclose whether they provided credit monitoring services or other remediation efforts beyond breach notifications. The incident highlighted vulnerabilities in email security protocols, though the organization did not elaborate on specific technical or procedural changes implemented post-incident. No ransomware deployment, data encryption, or financial demands were reported in connection with the phishing campaign. Regulatory filings with the U.S. Department of Health and Human Services confirmed the incident met federal reporting thresholds for breaches affecting over 500 individuals.
