Cyber Incident Victim: Palmetto Health

In November 2018, Palmetto Health (now part of Prisma Health) in South Carolina experienced a phishing attack that compromised employee email accounts. The attack triggered an extensive multi-month investigation to determine the scope and impact on protected health information. The organization completed its forensic review on February 19, 2019, when it identified the specific individuals whose data resided in the compromised email accounts. Analysis revealed the accessed accounts contained patient names and treatment-related information typically used by healthcare providers during treatment or consultation. A smaller subset of affected emails included more sensitive details such as social security numbers and medical insurance information. The investigation timeline from initial detection to final determination spanned approximately three months due to the complexity of reviewing account contents and affected individuals.

Palmetto Health formally notified 23,811 affected patients following the February 2019 findings, though the breach report appeared on the HHS breach portal on March 29, 2019. The notification letters described the types of exposed information while differentiating between commonly compromised treatment details and less frequently exposed sensitive identifiers. No evidence suggested actual misuse of patient data at the time of disclosure. The incident shared temporal similarities with another phishing attack against Women's Health USA disclosed the same day, though the Palmetto case involved a single intrusion period compared to multiple attack phases in the other incident. Organizational response focused on breach containment, patient notification, and regulatory compliance through HHS reporting rather than public statements about security improvements.