Nine employees email accounts of Rutland Regional Medical Center accessed by Hackers
Rutland Regional Medical Center of Rutland City, which is largest community hospital of Vermont state, recently learnt about an incident which may affect security of the personal information of some individuals receiving care from their facility. The medical center discovered that hackers gained access to nine employees email accounts and possibly viewed/obtained protected health information of the patients.
On Dec. 21, 2018, a medical center employee noticed that some of their email accounts were used for sending huge number of spam emails. Thus on Dec. 28, 2018, a possible security breach has been reported to the IT department of the medical center. It was determined by the IT department, on December 31, 2018, that an unauthorized individual had remotely accessed few email accounts of hospital employees.
The account was secured immediately and the password has been changed. On February 20,
2019, the medical center of Vermont has posted notice on their website that says - "we take this incident very seriously, and we have been working diligently, with the assistance of third-party forensic investigators, to determine the full nature and scope of this incident". Although investigation about the breach is still going on, it was concluded by the forensics expert on Feb. 6, 2019, that 9 email accounts were compromised in between Nov. 2, 2018, and Feb. 6, 2019.
As per the hospital officials, it's possible that the hacker might have accessed the patients' personal information. The sensitive information in those compromised email accounts contains patients' full names, contact information, dates of birth, patient ID numbers, financial information, medical record numbers, health insurance data, treatment information, diagnoses, and Social Security numbers. The breach was only limited to the email accounts, so the EMR (Electronic Medical Records) system and various other internal systems of hospital were unaffected by this breach.
The breach was reported to Department for Health and Human Services' Office for Civil Rights. As per the breach portal, 72,224 patients were affected by this breach.
The medical center will send notification letters to the patients whose personal health information might have been accessed. The hospital also said that additional security measures as well as safeguards will be implemented for further securing the protected health information of patients and improve the email security to try preventing more breaches of this kind.
» SPAMfighter News - 14-03-2019