BREVARD COUNTY, Fla. - Health First said a phishing scam targeting a small group of its employees led to a data breach that might have exposed the personal information of 42,000 of its customers.
The company said the breach happened between February and May and was reported to the U.S. Department of Health and Human Services last month.
Health First said it blocked the unauthorized access and changed the passwords of the affected work email accounts.
"The criminals did not appear interested in obtaining personal data, but focused on continuing their phishing scam," the company said in a statement. "However, as some accounts contained protected health information (PHI), we have notified the impacted customers."
The company said it has implemented new security measures to prevent another breach and has hired AllClear ID to monitor the affected customers' identities for 12 months.
Customers with questions about the data breach or the identity theft monitoring may call 855-725-4570.
© 2019 Cox Media Group.