BreachExchange mailing list archives
California healthcare data breach could impact nearly 200, 000 patients
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 27 Jan 2020 09:00:51 -0600
https://portswigger.net/daily-swig/california-healthcare-data-breach-could-impact-nearly-200-000-patients The personally identifiable information of nearly 200,000 current and former patients of a California healthcare network may have been compromised following a phishing campaign that successfully targeted employee accounts. A potential data breach at PIH Health – operator of 10 hospitals, urgent care centers, and other facilities across southern California – was first uncovered on June 18, 2019. This prompted the Whittier-based healthcare organization to secure its email system and network, including resetting passwords for potentially affected employee accounts. The investigation into the breach revealed on October 2 that certain employee email accounts has indeed been accessed without authorization between June 11 and June 18, following a targeted phishing campaign. On November 12, the healthcare provider said it became clear that the email accounts in question may have contained the personal data of current and former patients. PIH Health said it started notifying potential victims by letter on January 10, in a security alert issued on the same day. Some 199,548 individuals may have been impacted by the incident, according to the US Department of Health and Human Services’ healthcare data breach portal. PIH Health said it was implementing additional security measures to prevent a similar security incident from happening in the future. The company has also established a toll-free call center to field questions about the incident, and is offering complimentary credit monitoring services to some potential victims. As of January 10, when the security alert was issued, the healthcare facility said it was “not aware, and the independent forensic investigation did result in the identification of, any evidence that information involved in this incident has been misused.” The Daily Swig has contacted PIH Health for an update on its investigation. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- California healthcare data breach could impact nearly 200, 000 patients Destry Winant (Jan 27)