Addison County Home Health & Hospice exposed PHI

Vermont's Addison County Home Health & Hospice notified 758 patients that some of its PHI got exposed due to an email security breach recently.

The data breach notice of Addison County Home Health & Hospice to the consumers said that the hospice is committed to protect security and confidentiality of personal information they maintain. The notice also said that regrettably they are writing so as to inform the consumers about an incident involving some of their information. The data breach notice explains about the incident, the measures that have been taken by the hospice and steps that the consumers can take in reply to the email breach.

The email security breach has been discovered on Apr. 26, 2019. Addison County Home Health & Hospice secured the account immediately and began an investigation. One topmost cyber security company was hired to help in determining what has happened and what kind of information may be there in the compromised email account.

The investigation has revealed that unauthorized access to email account of an employee was gained first on Feb. 19, 2019. However, the investigation was not able to determine whether that unauthorized individual has actually viewed any emails in that compromised email account.

The data breach notice to the consumers also said that "in an abundance of caution, we reviewed all emails and attachments in the account to find information that may have been accessible to the unauthorized person". The analysis of those emails in that compromised email account revealed they contain the names, clinical information, as well as for some patients, Social Security numbers and medical record numbers.

The hospice is offering a free one-year membership of the Experian's® IdentityWorksSM Credit 3B to the individuals whose Social Security number has been exposed. The data breach notice added that "this product helps detect possible misuse of your personal information and provides you with identity protection services focused on identification and resolution of identity theft. IdentityWorks Credit 3B is completely free to you, and enrolling in this program will not hurt your credit score".

The hospice further said in the data breach notice that to avoid something like this incident from happening in future they required changing the password for email account. In addition, the hospice is also implementing more technical security measures, as well as employees will receive additional training to help them detect and avoid the phishing emails.

» SPAMfighter News - 7/24/2019