Charleston Area Medical Center phishing attack exposes patient data

Charleston Area Medical Center (CAMC) recently disclosed that a phishing attack between October 2 and October 3, 2024, may have compromised individuals’ protected health information (PHI).

What happened

Between October 2 and October 3, 2024, CAMC experienced a data breach caused by a phishing attack that compromised an employee’s email inbox. The attack specifically targeted a small number of CAMC employees, allowing unauthorized access to confidential data for approximately 24 hours. 

On February 14, 2025, CAMC began notifying affected individuals, providing them with details about the exposed information and offering protective measures. 

In response to the breach, CAMC has implemented additional security measures, including enhanced email filtering, cybersecurity training for employees, and stricter access controls, to prevent similar incidents in the future. 

 

What was said

According to the CAMC notice to the Office of the Vermont Attorney General, “The information that may have been impacted varied from person to person, but may have included [individuals’]: 

  • First and last name
  • Date of birth
  • Email address
  • Phone number
  • Driver’s license
  • Health information
  • Health insurance information”

 

In the know

Phishing attacks are one of the most common cyber threats in healthcare. These attacks involve fraudulent emails that trick employees into revealing login credentials, allowing attackers unauthorized access to sensitive systems. 

Experts warn that phishing attacks are becoming more sophisticated, often mimicking official communications to deceive even trained personnel. In addition to personal identity theft, compromised health information can lead to fraudulent insurance claims, medical identity theft, and unauthorized access to treatment records.

FAQs

Does HIPAA apply to phishing attacks in healthcare?

Yes, phishing attacks in healthcare fall under the Health Insurance Portability and Accountability Act (HIPAA) regulations. Phishing attacks that compromise the privacy and security of protected health information (PHI) can lead to severe penalties, including fines and reputational damage.

What are HIPAA compliant emails?

HIPAA compliant email solutions, like Paubox, uphold federal regulations for safeguarding individuals’ PHI.

More specifically, these solutions use advanced security measures, including encryption, access controls, and audit controls, to prevent unauthorized access to PHI during transmission or at rest.

Can HIPAA compliant emails include attachments?

Yes, HIPAA compliant emails can include attachments containing medical images, documents, or other sensitive information while protecting patient privacy and preventing unauthorized access or interception.