Around 11,000 Summa Health patients PHI possibly got compromised
Summa Health based in Akron city, Ohio, has discovered that access to email accounts of four employees was gained by an unauthorized individual. Those compromised email accounts contain patients' PHI (Protected Health Information).
Summa Health officials said they became aware about unauthorized activity on their email platform on May 1 of this year, and as a result launched an investigation. Summa Health officials determined that email accounts of two employees got breached in Aug. 2018, and two more email accounts were breached in between Mar. 11 and Mar. 29, 2019.
Once discovered, all the four breached accounts have been secured immediately by the healthcare organization. Summa Health officials also said that an outside forensics firm was hired by them, in order to find out whether any kind of patient information was accessed or stolen during those hacks. The firm said that they found no proof of PHI access or data theft, but the possibility of patient information getting compromised in the data breach still cannot be ruled out.
An analysis of those compromised email accounts revealed that they contain following types of Protected Health Information: patient names, patient account numbers, medical record numbers, dates of birth, treatment information, and clinical information. A small number of patients also had the driver's license numbers and/or Social Security numbers got exposed.
In total, 10,893 Summa Health patients got affected. On Jun. 28, 2019, the Summa Health has submitted two breach reports to the OCR for Aug. 2018 and Mar. 2019 attacks, one affecting 7989 patients and the other one affecting 2,904 patients.
According to the officials, the health system is providing training to their employees on their privacy as well as security policies. Summa Health is also strengthening their email security by implementing more security measures, so as to avoid such kind of incidents from happening in future.
In addition, Summa Health is notifying the 10,893 patients about this incident and is also requesting them to monitor the statements from their health insurers and healthcare providers. Complimentary identity protection and credit monitoring services have been provided for a year to those patients whose driver's license number or Social Security number was exposed.
Cleveland reported that a Summa Health spokesman said that "if they see services that the patient did not receive, they should contact the provider or insurer immediately. For eligible patients whose Social Security number or driver's license number was found in the email accounts, Summa Health is offering complimentary credit monitoring and identity protection services".
» SPAMfighter News - 7/31/2019
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!