BreachExchange mailing list archives
Navicent Health Data Breach Exposes Patient's Personal Info
From: Destry Winant <destry () riskbasedsecurity com>
Date: Thu, 18 Apr 2019 09:13:26 -0500
https://www.bleepingcomputer.com/news/security/navicent-health-data-breach-exposes-patients-personal-info/ Navicent Health announced in March that they suffered a data breach through unauthorized access to their email systems. This breach has exposed the personal information of 270,000 patients, with some social security numbers being disclosed. Navicent first learned of this data breach in July 2018, when they say they reported the breach to law enforcement and engaged with a computer forensics firm to launch an investigation. "Navicent Health was the victim of a cyber-attack that occurred this past summer that may have involved some of its patients' personal information," stated Navicent Health's notice. "Upon learning of the incident in July, we promptly instigated a security incident investigation. We also notified law enforcement and retained leading forensic security firms to help us investigate and conduct a comprehensive search for any personal information in the impacted email accounts, and to confirm the security of our email and computer systems. " On January 24, 2019, their investigation determined that only the email system was compromised and that their other systems, including the medical records system, was not breached. The compromised email server, though, did contain the personal information of patients. This data included names, dates of birth, addresses and billing and appointment information. Navicent further states that some of the compromised emails contained Social Security Numbers of individuals. According to breach information filed with the U.S. Department of Health and Human Services Office for Civil Rights (OCR), 278,016 individual's information was compromised by this breach. While there is no indication that any of this information has been fraudulently used, Navicent will be offering a free one year credit monitoring service to those whose Social Security Numbers were exposed. They have also stated that affected users should monitor the credit reports for fraudulent activity and report any that is detected. Navicent has begun to send notifications to those who were affected, but it has not been disclosed as to why it has taken close to three month to disclose the breach after determining what information was exposed. BleepingComputer has contacted Navicent Health with questions regarding this breach, but have not heard back at the time of this writing. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Navicent Health Data Breach Exposes Patient's Personal Info Destry Winant (Apr 18)