The Detroit-based Henry Ford Health System has begun alerting nearly 18,500 patients that a few of their safeguarded health information has possibly been accessed by an illegal person.
The breach was found out on October 3, 2017 when illegal access to the electronic mail accounts of many workers was noticed. Although safeguarded health information was possibly accessed or thieved, the health system’s EHR system wasn’t undermined at any stage. All data was restricted to the compromised electronic mail accounts.
It’s presently uncertain precisely how access to the electronic mail accounts was achieved. Usually, breaches like this entail phishing attacks, where several electronic mails are transmitted to healthcare workers that deceive them into revealing their login identifications. An internal inquiry into the breach is continuing to find out the reason of the attack and how the login identifications of a few of its workers were thieved.
Henry Ford Health System has carried out an analysis of all electronic mails in the accounts as well as has concluded that 18,470 patients have been impacted. The electronic mails had a variety of info on patients including names, medical diagnoses, dates of service, location, department’s name, provider’s name, medical record numbers, and the name of health underwriters. Each patient affected by the breach had some of the above information disclosed. Social Security numbers and financial information weren’t present in any of the undermined electronic mail accounts.
At this point in the inquiry, it’s not clear whether the individual who accessed the accounts stole or viewed any info, and if any of the PHI has been utilized wrongly.
A representative for Henry Ford Health System stated, “We consider extremely earnestly any abuse of patient info, and we are carrying on our own internal inquiry to decide how this occurred and to make sure no other patients are affected,” and “To decrease upcoming danger of this occurring once more, we are reinforcing our safety protections for workers, all of whom will be trained concerning this step in the future weeks.”
Henry Ford Health System will also be revising its plans on electronic mail retention as well as the usage of two-factor verification.