1,100 patients of Spectrum Health Lakeland impacted by a Phishing Attack
As per an announcement by the Spectrum Health Lakeland, the PHI (Protected Health Information) of some of their patients has been exposed for second time within a timespan of two months because of a data breach. The first breach occurred on WSG (Wolverine Services Group). The Wolverine Services Group incident impacted nearly 60,000 patients of Lakeland.
Like the first breach incident, this breach also took place at a business associate as well. In the latest breach incident, an email account was accessed by an unauthorized individual after an employee replied to one phishing email.
It was discovered by OS Inc., a billing services provider, that one of their employees email account was accessed by an unauthorized individual. The compromised email account contains Protected Health Information of around 1,100 patients, who belonged to Spectrum Health Lakeland. OS Inc. discovered the breach on Dec. 21, 2018, when an employee detected suspicious activity in the email account. Soon after, necessary steps were taken in order to revoke email account access of the unauthorized individual and secure data.
An outside computer forensics expert has been hired in order to assist in the investigation. The investigators have not found any evidence that will suggest PHI in attachments and emails had been stolen or accessed. However, it was still not possible to completely rule out data exfiltration or access with a high amount of certainty.
So, the breach has been determined as reportable incident and 1,100 patients of Spectrum Health Lakeland were notified that their PHI might have been compromised due to a data security incident. As per the investigators, the compromised email account contained some patient information like names, dates of service, health services provided, diagnoses, addresses, and the health insurance providers names.
OS notified the Spectrum Health Lakeland about this breach on Mar. 8, 2019. Spectrum Health Lakeland has since been working with the technology experts, so as to determine the nature and full extent of this breach. Besides, Spectrum Health Lakeland was working closely with OS Inc., so as to ensure that additional protections were implemented to prevent further breaches.
Although the Social Security numbers along with other critical sensitive information have not been exposed, a decision has been taken to offer the affected individuals free identity theft protection as well as resolution services for 12 months via Experian IdentityWorks.
» SPAMfighter News - 5/24/2019
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!