Email hack makes for HIPAA breach

[InfoSec News <alerts () infosecnews org>]

http://www.healthcareitnews.com/news/hipaa-breach-letters-go-out-after-email-hack

By Erin McCann
Associate Editor
Healthcare IT News
October 14, 2014

An academic medical center in California is notifying patients of a HIPAA 
breach after officials discovered a physician's email account had been 
hacked by an outside source.

University of California Davis Health System has notified 1,326 patients 
that their protected health information, which was contained on this 
physician's email account, was compromised. The breach, which occurred at 
UC Davis Medical Center, was discovered Sept. 26, according to patient 
notification letters mailed out. The email incident had occurred one day 
earlier.

"Our IT team has undertaken a review of the event, but the exact root 
cause of the incident remains unknown. We do not see evidence of a 
phishing attack," said Shara Merritt Reed, privacy program director at UC 
Davis Health System, in an emailed statement. "We hesitate to speculate 
but deduce the credentials were obtained by other means in order to 
utilize the account."

In a letter mailed to affected patients Reed explained that UC Davis 
providers use their emails for patient care purposes, specifically, for 
example, upcoming appointments, or patient care exchange for a 
consultation or referral. "When this happens, limited amounts of patient 
information may be included in the provider's email account," she 
explained in the letter.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/