Personal data of 31,000 patients' potentially got exposed due to third-party data breach
The healthcare sector remains a prime target for the cyber attackers, with MHS (Managed Health Services) of the Indiana Health Plan notifying around 31,000 patients that their personal data potentially got exposed due to third-party data breach, caused by phishing attack.
As per the officials, a number of employees of an MHS vendor, LCP Transportation, replied to phishing emails most probably around July 30, 2018, as a result of which a hacker gains remote access of all those accounts for over a month. The impacted accounts were disabled by LCP Transportation on September 7, 2018.
A third-party computer forensic firm was hired by the MHS vendor to assist, and they together in partnership launched an investigation. "The investigation concluded that some of your information may have been in the email accounts and that could be accessed. There is no evidence that your information has been misused".
As per the officials, they found that the emails have patient data, such as names, dates of birth, addresses, insurance ID numbers, medical conditions, and dates of service.
On October 29, 2018, LCP Transportation notified the Managed Health Services about the breach. Managed Health Services then launched their own investigation. On December 20, 2018, MHS notified the patients about third-party vendor hack, and all the patients have been offered free credit monitoring for a year.
As per a statement, MHS said that "we have tested the email process with them to ensure it is working correctly. Our vendor is making improvements to their system security and conducting employee training about cyber risks".
On December 20, 2018, the MHS officials also announced about a second breach that was caused due to a mailing error. Protected health information got unintentionally disclosed after a letter regarding a pharmacy change, on October 16, was incorrectly mailed to a wrong member. The MHS officials came to know about this incident on October 25, 2018. The information contained names, medication information, and insurance IDs of around 576 plan members. The MHS officials are now reinforcing the mailing policies as well as procedures around the patient data, and also reviewing the process of sending the mailing addresses to their national mailing center.
» SPAMfighter News - 1/23/2019
We are happy to see you are reading our IT Security News.