The Spokesman-Review Newspaper
The Spokesman-Review Newspaper The Spokesman-Review
Spokane, Washington  Est. May 19, 1883
Current Temperature
44°F
Current Conditions
Clear sky
View complete weather report

Color Scheme

Subscribe now

Spokane Regional Health District breach may have exposed medical data of more than 1,200 people

The Spokane Regional Health District is pictured.  (DAN PELLE/THE SPOKESMAN-REVIEW)
By Arielle Dreher arielled@spokesman.com(509) 459-5467

The Spokane Regional Health District announced a data breach that may have allowed hackers to see the health information, including medications, medical conditions and test results, for more than 1,200 people.

On Feb. 24, a phishing email opened by a district employee may have exposed health data to hackers to view, although an internal investigation of the breach found that no documents were opened, accessed or downloaded.

The disclosure may have exposed the information of 1,260 individuals from two departments in the district, which were not identified.

The phishing attempt is the second such breach in just three months at the district. In December, a similar breach exposed the health information of more than 1,000 SRHD clients.

The district was in the midst of implementing employee training to identify and avoid phishing emails when this most recent breach happened.

All of the clients whose information may have been exposed in the breach have been notified via letter and text message by the health district, said spokeswoman Kelli Hawkins.

She said the district is in the midst of rolling out Drip 7, a mandatory four-part cybersecurity training for employees that focuses on how to recognize phishing attempts.

This breach and the previous one were due to a phishing attempt through an email opened by an employee.

Hawkins said that, as a result, efforts to increase security are focused on staff education at the district.

“We’re focusing on our staff; our staff are our first line of defense,” Hawkins said.

The breach did not compromise clients’ financial information or their Social Security numbers, but the district has asked those whose data might have been viewed to keep a close watch on their bank accounts and health insurance plans just in case.

The health district says its IT team is continuously updating its security and testing as well.

In 2021, there was a record number of data breaches reported to the attorney general’s office, with data breach notices sent to 6.3 million Washington residents and 280 data breaches reported.

While businesses are the primary target for these attacks, in 2021, there were 35 health care organizations impacted by breaches, according to the attorney general’s report.

Arielle Dreher's reporting for The Spokesman-Review is primarily funded by the Smith-Barbieri Progressive Fund, with additional support from Report for America and members of the Spokane community. These stories can be republished by other organizations for free under a Creative Commons license. For more information on this, please contact our newspaper’s managing editor.