A trip to the hospital or doctor's office has turned into a real headache for thousands of patients around the state.
Employees at a large medical system were duped by a common email scam in late January.
Now Franciscan Health System, which is based in Tacoma, is notifying patients that their personal information is in the hands of hackers.
It started with a phony email.
Less than 20 Franciscan Health System employees opened a link, and entered their username and password.
“It looked like an email from our parent company, Catholic Health Initiatives," said Scott Thompson, Franciscan Health System spokesperson.
And just like that, emails containing information of around 8,300 patients were digitally swiped.
Some of those clinic and hospital emails contained patient names, dates of birth, addresses and health insurance information.
But the Social Security numbers of 15 patient were taken as well.
The emails are exchanged between hospitals and clinics treating the patients.
"At no time were any of our medical records compromised with this phishing scam," assured Thompson.
The following hospitals and clinics may have been affected:
• St. Joseph Medical Center, Tacoma
• St. Francis Hospital, Federal Way
• St. Clare Hospital, Lakewood
• St. Elizabeth Hospital, Enumclaw
• St. Anthony Hospital, Gig Harbor
• Franciscan Medical Group clinics
Luis Montufar spent the morning getting treatment for an infection at St. Francis Hospital in Federal Way.
He doesn’t believe he was targeted but worries these scams are happening more often.
"Look at what happened at Target, people just Christmas shopping,” said Montufar. “And it's tough to fix it because you don't know who has the information or why."
Not all Franciscan facilities were affected, including Highline Medical Center in Burien, Harrison Medical Center, Harrison HealthPartners or the Franciscan Hospice House in University Place.
The medical group is offering identity protection for the 15 patients whose Social Security numbers were put at risk.
Franciscan says it’s placing stronger passwords and re-educating employees about phishing emails.
Last week the medical group sent letters to patients whose information may have been compromised.
If you believe you are affected but do not receive a letter by April 16, 2014, please call 1-877-283-6556, Monday through Friday between 6 a.m. and 6 p.m. Pacific Time.