A non-profit setup of community health facilities in Des Moines, Marshalltown as well as Ames, IA, Primary Health Care Inc. has informed that hackers accessed the electronic mail accounts of four employees and might have downloaded or viewed patients’ PHI.
A press announcement released by Primary Health Care and published an alternate breach notification to its internet site on March 16, 2018, summarizing that the breach happened on February 28, 2017. The breach was noticed on March 1, 2017. Primary Health Care is now alerting concerned patients and will be recording an occurrence report to the Division of Health and Human Services’ OCR. No clarification was included regarding why the breach took a complete year to report, even though the way in which the breach was made known means that the year mentioned in the official breach notification might be a typographical error and that the breach happened in 2018.
Primary Health Care moved quickly to cope with the breach and switched off access to the undermined electronic mail accounts and engaged a third-party computer forensics specialist to carry out an analysis into the hacking attack. The inquiry disclosed four electronic mail accounts and their linked Google Drives were retrieved by the hacker(s), even though they didn’t know whether any electronic mails were opened and if any PHI was retrieved.
An examination of the staff electronic mail accounts disclosed they had data like patients’ names together with driver’s license numbers, times of service, credit/debit card numbers, financial details, facilities and providers, health insurance information, medical histories, medication information, diagnoses, Social Security details, and in some cases, Medicaid numbers.
Nothing was found to propose any information has been abused for ill means, even though out of an abundance of care, affected people have been provided 12 months of identity thievery protection facilities from AllClear free of charge.
Primary Health Care is presently setting up additional safety measures to increase the security and privacy of its information systems to wipe out more breaches of this type.