Cyber Incident Victim: Southwest Washington Regional Surgery Center
Date:
May 2018
Location:
United States of America
Summary
A phishing attack compromised an employee email account at Southwest Washington Regional Surgery Center, exposing protected health information of 2,393 patients. The unauthorized access potentially disclosed names, Social Security numbers, driver’s license details, medical records including diagnoses and treatments, and limited credit card information. While no evidence of data misuse was found, the surgery center provided affected individuals with credit monitoring services and identity theft restoration. They also strengthened security measures by updating passwords and enhancing email protocols to prevent future incidents.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 25, 2018, Southwest Washington Regional Surgery Center (SWRSC) in Vancouver, Washington, discovered a security incident stemming from a phishing attack that compromised one employee’s email account. The unauthorized access occurred between May 27, 2018, and August 13, 2018. SWRSC initiated an investigation promptly after detection, engaging external cybersecurity professionals to conduct forensic analysis and a manual review of the affected email account. The forensic investigation confirmed on September 25 that the breached account contained protected health information (PHI) of 2,393 patients. Exposed data included patient names, Social Security numbers, driver’s license numbers, medical details such as diagnoses, treatments, surgeries, medications, lab results, and health insurance information. A limited number of patients’ credit card numbers were also present in the compromised account. The center clarified that not all patients were affected by the breach and stated no evidence existed indicating misuse of the exposed information.
SWRSC formally notified impacted patients on November 6, 2018, and reported the incident to the Oregon Attorney General’s Office. Patients whose Social Security numbers or driver’s license numbers were exposed were offered complimentary credit monitoring and identity theft restoration services. The notification included guidance on protective measures such as reviewing financial statements, obtaining free credit reports, placing fraud alerts, and initiating credit freezes. SWRSC advised patients to monitor health insurance explanation of benefits for unrecognized items. Internally, the organization implemented corrective actions to reduce future risks, including password updates and enhanced email access protocols. A dedicated toll-free response line (888-891-8399) was established for patient inquiries, operational Monday through Friday during Pacific Time business hours. The center reiterated its commitment to patient privacy but did not disclose specific technical details about the phishing attack’s execution or the identity of the threat actors.