BreachExchange mailing list archives
Month-Long Email Hack on Ohio Dental Insurer Impacts Patient Data
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 29 Mar 2019 08:02:28 -0500
https://healthitsecurity.com/news/month-long-email-hack-on-ohio-dental-insurer-impacts-patient-data Ohio-based Superior Dental Care, a dental insurance carrier, is notifying members that a hack on its employee email account potentially breached their personal data. On January 23, SDC officials first discovered the unauthorized access on one employee email account. The account was promptly secured, and an investigation was launched with support of a third-party forensics team to determine the scope of the incident. Officials determined the hackers first gained access to the email account about one month prior, beginning December 21. As a result, the cybercriminal had access to patient data, including names, Social Security numbers, payment and medical information related to dental treatment. SDC has since updated its security processes, and officials said they are continuing to work with the third-party forensics team to improve its overall security. HUMAN DEVELOPMENT CENTER IN DULUTH EMAIL BREACH An email account of a Human Development Center in Duluth employee was hacked in January, which potentially compromised some patient data. Officials first discovered the breach during a routine review of email logs on January 25. They discovered a hacker access the employee email account a week earlier, on January 16 and 18. An investigation determined the account contained some protected health information, such as names, dates of birth, internal HDC client numbers, a description of services, and some procedure codes. Patients who visited HDC between 2011 and 2018 were impacted by the security incident. PHISHING ATTACK ON FREDERICK REGIONAL HEALTH SYSTEM Maryland-based Frederick Regional Health System is notifying some patients of a potential data breach, after falling victim to a phishing attack. Officials first discovered the unauthorized access on January 21, when an employee was duped by a phishing attempt. The account was immediately secured, and officials launched an investigation. The investigation determined some patient data was contained in the email account, including names, health insurance numbers, insurance type, and for some patients, Social Security numbers. The breach was confined to patients who received hospice services from June 2017 to January 2019. “Frederick Regional Health System has dedicated multiple resources to cybersecurity over the years because we know the healthcare industry is a target,” officials wrote in a statement. “We will continue to implement additional security enhancements and conduct further email training with our staff.” _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Month-Long Email Hack on Ohio Dental Insurer Impacts Patient Data Destry Winant (Mar 29)