BREVARD COUNTY, Fla. — Health First said a phishing scam targeting a small group of its employees led to a data breach that might have exposed the personal information of 42,000 of its customers.
The company said the breach happened between February and May and was reported to the U.S. Department of Health and Human Services last month.
[ Read: Facebook says hackers accessed 29M accounts ]
Health First said it blocked the unauthorized access and changed the passwords of the affected work email accounts.
"The criminals did not appear interested in obtaining personal data, but focused on continuing their phishing scam," the company said in a statement. "However, as some accounts contained protected health information (PHI), we have notified the impacted customers." %
%
[ Read: Have you eaten at Cheddar’s Scratch Kitchen? Take these steps to protect your credit ]
The company said it has implemented new security measures to prevent another breach and has hired AllClear ID to monitor the affected customers' identities for 12 months.
Customers with questions about the data breach or the identity theft monitoring may call 855-725-4570.