14,305 Patients impacted as a result of a phishing attack on the Main Line Endoscopy Centers

Main Line Endoscopy Centers, an outpatient endoscopy clinics network in the Bala Cynwyd, Media, and Malvern regions of Pennsylvania, has recently become victim of a phishing attack. Pennsylvania's Main Line Endoscopy Centers employee email account has been accessed by an unauthorized individual, as the employee has made an error of responding to the phishing email. Although Main Line discovered the breach on Jan. 30, 2019, but it is still not known exactly when the email account was breached.

One of the leading forensic security firms from outside was hired in order to primarily help in the breach investigation to determine whether the unauthorized individual has opened any messages in the email account, and also to discover whether any PHI (Protected Health Information) was compromised. As per the investigation, it was confirmed by the investigators that the attackers possibly gained access to certain patients' protected health information like their names, some of their clinical information, and their dates of birth. The investigators also said that some patients might have had their driver's license numbers, Social Security numbers, and health insurance details compromised.

Notification letters regarding the breach were sent by Main Line to all the affected patients on Mar. 29, 2019. However, only those individuals who had their driver license numbers or Social Security numbers compromised were offered free identity theft protection services for 1 year.

As a precautionary measure, all the patients affected due to this breach were advised to observe and check their credit reports, explanation of the benefits statements, and financial accounts closely for any possible fraudulent transactions.

Moreover, in order to improve the security and avoid further breaches, all the employees of Main Line were provided additional training to improve their email security awareness and knowledge about phishing emails. Main Line Endoscopy Centers also has implemented multi-factor authentication so as to prevent unauthorized access to account in case the login credentials of employee are compromised in future.

The breach report has been submitted by Main Line to Department of Health and Human Services' Office for Civil Rights. This breach incident is posted on the web portal of OCR, which shows that 14,305 patients got affected.

» SPAMfighter News - 4/23/2019