Greater St. Louis Oral & Maxillofacial Surgery Reports Email Breach and Patient Data Exposure

Greater St. Louis Oral & Maxillofacial Surgery (GSLOMS) reports a security breach caused by a compromise of an employee email account. Attackers used the compromised account to send phishing emails to other targets. 

The medical practice changed passwords and revoking session tokens. They also reset multifactor authentication (MFA) settings to prevent further unauthorized entry.

The breach exposed sensitive personal and protected health information (PHI). The following data types were involved:

• Full names and telephone numbers
• Dates of medical service
• Treatment codes and brief descriptions of care
• Health insurance information

The number of affected individuals is not disclosed, but the practice says the breach affected thousands of current and former patients.

The practice has started notifying those affected by the event. This exposure puts patients at risk of identity theft and medical fraud. GSLOMS recommends that patients review their health insurance statements for any services they did not receive.

It's not clear whether the practice will offer complimentary credit monitoring services.