20,485 Patients of Health Recovery Services impacted by almost 3 month-long Network Breach

Health Recovery Services, the provider of drug as well as alcohol addiction services, has been notifying 20,485 patients about a data breach that was caused by almost 3 month-long network breach. Patients whose PHI was possibly exposed were notified by mail due to an abundance of caution.

The officials of Health Recovery Services found that one unauthorized IP address remotely accessed their computer network on Feb. 5, 2019. The network as well as the information systems was taken offline upon discovery to stop further access. Moreover, a forensic expert has been retained in order to conduct investigation for determining the nature as well as scope of this breach.

On Mar. 15, 2019, the third-party forensic investigator team found that the hackers first gained access of the network on Nov. 14, 2018, and this access continued till the time it was discovered (i.e. 3 months later on February 5, 2019).

The breached server has been used for storing the files as well as a software application. Files on that compromised server contain various kinds of patient information like names, dates of birth, addresses, and contact telephone numbers. Further, the officials added that patients getting treatment from Health Recovery Services based in Ohio after 2014 possibly have more compromised personal data like health insurance details, medical data, diagnoses, and treatments.

Social Security numbers for some of the patients was also breached. The officials said that no evidence was found that will suggest any kind of patient information has been accessed or copied, even though possibility of the data access as well as theft cannot be completely ruled out.

Health Recovery Services has since rebuilt their entire network in order to make sure that it was completely secure from any type of security threats. Moreover, the officials were reviewing the current policies, procedures, and cybersecurity measures which will be further enhanced to stop data breaches in future.

"We have been working with our forensic expert and our IT team to review and analyze the secure of our computer systems, and we have updated certain technical, administrative, and physical safeguards to ensure the security and confidentiality of your data in the future," the officials said in one statement.

» SPAMfighter News - 5/8/2019