A worker’s email account that contained the PHI of roughly 8,400 patients of Billings Treatment center in Billings, MT has been unlawfully retrieved.
The breach was found by the treatment center’s cybersecurity systems on May 14, 2018, with a strange activity triggered an alert. Prompt action was taken to protect the account, even though it is possible that the PHI of patients might have been copied or seen.
The information in the account was controlled. No financial information was retrieved, medical files were not obtained, and no Social Security numbers were kept in the account. Data in the account had been used for planning and related to patients who received medical cure between 2008 and 2011.
The breach was limited to names, descriptions of medical services supplied, diagnoses, contact information, dates of birth, medicinal record details and internal financial control numbers. The probe demonstrated that the breach was limited to the electronic mail account of one worker.
Although data breaches such as this can easily happen because of staff members replying to phishing attacks, in this instance access is believed to have been gained by another way. The worker concerned had lately been abroad on a medical assignment. The electronic mail identifications were downloaded by the illegal person while the worker was away on the assignment.
Login detail can easily be interrupted when linking to unsafe public Wi-Fi systems, or if a connection is made to a scoundrel Wi-Fi hotspot.
Any healthcare group that lets staff members take appliances having PHI abroad, or lets employees to access PHI distantly, must ensure staff members undergo safety consciousness training and are made conscious of the threats of connecting to public Wi-Fi systems.
Policies must also be framed that need those staff members to only link to the Internet using a virtual private network (VPN). It is also essential to make sure VPN software is updated and it’s desirable to put in place a web sieving solution to protect employees when not on the company network.