The practice said in an online notice that it became aware of unusual activity in its email system on Sept. 12. An investigation found that between Sept. 10 and Sept.12, an unauthorized party gained access to employee email accounts as a result of a phishing email.
The accessed emails contained various patient information, including names, dates of birth and treatment information. The emails did not contain Social Security numbers or financial information, the practice said.
The incident was submitted to the U.S. Department of Health and Human Services breach portal Feb. 13.
