A phishing attack has potentially been compromised the private personal data of 8,400 patients of the Humana-owned Family Physicians Group in Orlando who are are being notified as a result of the breach.

Family Physicians Group is one of the biggest providers of healthcare for Medicare and Medicaid beneficiaries in Central Florida and operates 22 clinics in the region.

An official review into the breach showed that that a staff member’s email account was logged onto by an unauthorized individual on August 7, 2018. Unauthorized account access was left open until August 21, 2018, when the breach was identified and login details were amended. The login details were obtained by the hacker when the staff member replied to a phishing email.

Impacted patients were made aware of the incident on December 28, 2018. It has still not been revealed why it took in excess of 4 months to send notifications to patients.

A review of the emails in the compromised account showed that a number of messages contained the protected health data of patients. No financial information or Social Security numbers were included in any of the correspondence. The breach was restricted to names, dates of birth, physicians’ names, and health insurance data.

So far there have been no reports to that patient data were stolen and misused. Family Physicians Group changed all email passwords as a precautionary measure and has enhanced its email application and put in place additional security measures to prevent future phishing attacks.