Episcopal Health Services of New York issued second batch of breach notifications to the patients
Episcopal Health Services, who operates New York's St. John's Episcopal Hospital, has issued second batch of breach notifications to the patients who were found impacted recently by the months-long 2018 phishing attack.
Episcopal Health Services has been alerted about a possible phishing attack, after suspicious activity was noticed within email accounts of several employees in Sep. 18, 2018. An investigation has been launched immediately to determine cause behind that suspicious activity. With assistance of the third-party forensic investigators, Episcopal Health Services found that email accounts of several employees were hacked after they responded to the phishing emails.
Further, the investigation also confirmed that these email accounts were breached in between Aug. 28, 2018, and Oct. 5, 2018. Those compromised email accounts were reviewed in order to find whether they contain any type of personal or protected health information. On Nov. 1, 2018, the officials of Episcopal Health Services confirmed that a few patients' PHI was exposed.
The exposed information differs from patient to patient and might have included names, financial information, dates of birth, Social Security numbers, diagnoses, medical record numbers, medical histories, treatment information, health insurance information, and prescription information.
On Nov. 15, 2018, patients for whom Episcopal Health Services had postal address have been sent notification letters. However, the officials said that compromised email accounts are being continued getting reviewed so as to find whether they contain any type of protected health information. On Mar. 19, 2019, the second round of breach notification letters was sent to those patients who have also been discovered affected by this breach.
The breach report that was submitted on Nov. 19, 2018, to Department of HHS' Office for Civil Rights indicates that 218,055 individuals have been impacted by this phishing attack. The patients whose protected health information has been exposed were offered complimentary identity theft protection and credit monitoring services for a year.
Episcopal Health Services said that "we take this incident very seriously and the confidentiality, privacy, and security of our information is one of our highest priorities. As part of our incident response, we changed the log-in credentials for all employee email accounts to prevent further unauthorized access".
» SPAMfighter News - 5/28/2019
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!