Cyber Incident Victim: Terros Health

On November 16, 2017, Terros Health experienced a data breach resulting from a phishing attack that compromised one of the company’s email accounts. The breach was discovered on April 12, 2018, during an internal investigation, and Terros Health publicly disclosed the incident on June 8, 2018, by issuing a news release and mailing notification letters to 1,600 affected patients. The unauthorized access exposed protected health information, including patient names, dates of birth, physical and email addresses, medical diagnoses, medical record numbers, and other unspecified health data. Of the total impacted individuals, 1,241 patients had only their names and dates of birth potentially accessed, while a subset of 142 patients faced additional exposure of Social Security numbers. Nearly all affected patients had received treatment at Terros Health’s Phoenix clinic located near 23rd and Dunlap avenues. The company attributed the breach to a phishing attack, defined as fraudulent communications disguised as legitimate sources to extract confidential information.

Terros Health initiated response measures by notifying all potentially impacted individuals via mailed letters and establishing a dedicated call center operational on weekdays from 6 a.m. to 6 p.m. Arizona time. Patients whose Social Security numbers were exposed were offered complimentary credit monitoring and identity theft protection services. The company advised all affected individuals to monitor their financial accounts and credit reports for signs of fraudulent activity. No evidence suggested misuse of the exposed data at the time of disclosure. The breach investigation confirmed the incident’s scope was limited to unauthorized access via the compromised email account, with no indication of broader system infiltration. Terros Health did not disclose specific technical containment measures but emphasized the breach’s isolation to email account compromise through phishing tactics.