Patient data exposed for months after phishing attack on Sunspire

Several employees of addiction treatment facility network Sunspire Health were targeted by a phishing email campaign, potentially exposing personal patient information for two months. The breach, which occurred between March 1 and May 4, was not discovered until between April 10 and May 17. The impacted email accounts contained names, dates of birth, Social Security numbers, medical data, and health insurance information. Sunspire is the second healthcare provider this week to report a months-long breach after a phishing attack.