Notifications are still underway to patients, and their parents, after Children's Mercy Hospital in Kansas City recently revealed that personal health information on 60,000 patients were exposed in a cyber attack.
In early July 2018, the hospital told the Kansas City Star how significant these breach numbers have become, based on the investigation of the breach which was announced earlier in the year.
The hospital says five employees fell for phishing emails in late 2017 and early 2018, which allowed hackers to harvest employee credentials and access each employee's email account.
In four of the five cases, hackers downloaded entire email accounts containing an incredible amount of protected patient health information (PHI).
The hospital's IT team reset the compromised email accounts within hours to within a few days, but by then the emails had been stolen from four of the accounts.
So far the hospital says it is not aware of any misuse of this information, however, the potential here is significant, and notifications continue.
A statement from the hospital says: "The categories of information vary for individuals, but may have included first and last name, medical record number, gender, date of birth, age, height, weight, body mass index, admission date, discharge date, procedure date, diagnostic and procedure codes, clinical information, demographic information, diagnosis, conditions, other treatment information and identifying or contact information."
There seems to be no end to which type of personal information has value for hackers selling or trading on the Dark Web. Earlier this year, SecureWorld reported that infant social security numbers were for sale.
Data is the new oil, right?
And hackers are continuing to strike it rich.