Cyber Incident Victim: MedSpring Urgent Care
Date: May 2018
Location: United States of America
Summary
A phishing attack compromised an employee email account at MedSpring Urgent Care, potentially exposing personal and medical information of approximately 13,000 patients treated at Illinois facilities. The unauthorized access was discovered following the phishing incident, prompting the organization to block the account, engage a cybersecurity forensics firm, and conduct a review that identified possible exposure of patient names, account numbers, medical record numbers, and treatment details. While no evidence of data misuse was found, the entity notified affected individuals and offered complimentary identity protection services. Additional security measures were implemented to mitigate future phishing risks.
Description
On May 8, 2018, an employee of MedSpring Urgent Care fell victim to an email phishing scam, which compromised the employee’s email account credentials. The phishing attack involved an unauthorized individual impersonating a trustworthy entity to obtain the employee’s username and password. MedSpring discovered the breach on May 17, 2018, and immediately blocked the attacker’s access to the compromised account. The company engaged a cybersecurity forensics firm to investigate the incident and determine the scope of unauthorized access. By May 22, 2018, the investigation revealed that the attacker may have accessed personal information stored within the email account. A subsequent review identified that the exposed data included patient names, account numbers, medical record numbers, dates of service, and details of medical services provided. The breach specifically affected individuals treated at MedSpring’s Illinois facilities, with 13,034 patients ultimately notified of the incident. MedSpring stated it found no evidence of actual misuse or unauthorized viewing of patient data at the time of disclosure.

MedSpring began sending notification letters on July 20, 2018, to all affected patients with up-to-date contact information, providing a toll-free number (866-751-1317) for inquiries. The company offered 12 months of identity protection and fraud resolution services through Experian to impacted individuals. Patients were advised to monitor account statements, request free annual credit reports, and review FTC resources on identity theft prevention. MedSpring attributed the breach to the phishing attack and emphasized implementing additional technological security measures to prevent future incidents. These measures included enhanced anti-phishing safeguards, though specific technical controls were not detailed in the disclosure. The response focused on containment, patient support, and procedural improvements, with no mention of regulatory penalties or legal actions in the available information.
