Cyber Incident Victim: Overlake Medical Center & Clinics
Date: Dec 2019
Location: United States of America
Summary
Overlake Medical Center & Clinics experienced a phishing attack that compromised several employee email accounts, potentially exposing sensitive patient information including names, dates of birth, contact details, insurance identifiers, and medical treatment data for approximately 109,000 individuals. The unauthorized access lasted several days before detection, though investigators found no evidence of actual data misuse. Following the incident, the organization secured affected accounts, reset passwords, enhanced employee phishing awareness training, implemented multi-factor authentication, and deployed improved email filtering systems to block suspicious messages. This event underscores the persistent threat of phishing in healthcare due to the high value of medical records and highlights common defensive measures adopted by targeted organizations.
Description
On December 9, 2019, Overlake Medical Center & Clinics in Bellevue, Washington, discovered a phishing attack compromising several employee email accounts. The organization secured the affected accounts within hours and initiated an investigation. Forensic analysis revealed unauthorized third-party access to the initially compromised account from December 6 through December 9, 2019, with subsequent unauthorized access to additional email accounts limited to a few hours on December 9. The investigation could not confirm whether attackers accessed or exfiltrated protected health information stored within the email system, which potentially included patient names, dates of birth, phone numbers, addresses, insurance details, diagnoses, and treatment information. No evidence of actual or attempted misuse of patient data was identified at the time of reporting. The incident impacted 109,000 individuals, making it the third-largest breach reported to the HHS HIPAA Breach Reporting Tool in early 2020.

Overlake implemented multiple containment and remediation measures following the incident. The organization reset passwords for all compromised accounts, enhanced mandatory cybersecurity training to improve phishing email recognition, deployed improved technical controls to identify and block suspicious external emails, and implemented multifactor authentication. The breach notification statement emphasized ongoing monitoring for misuse of patient data but reported no identified cases. The incident highlighted persistent healthcare sector vulnerabilities to phishing attacks, which exploit human factors and organizational processes rather than purely technical weaknesses. Overlake's response focused on layered defenses combining workforce education with upgraded technological safeguards to reduce future phishing risks.
