Primary Health Care Inc., a no-profit system of community health organizations based in Des Moines, Marshalltown as well as Ames, IA, has discovered that malevolent actors have gotten access to the electronic mail accounts of 4 workers and have possibly seen or gained patients’ safeguarded health data.
Primary Health Care issued a press statement as well as uploaded an alternate breach notification to its online portal on March 16, 2018, clarifying the breach happened on February 28, 2017. The breach was known the next day on March 1, 2017. Primary Health Care is in the procedure of warning affected patients and will be informing the case to the Division of Health and Human Services’ OCR. No description is given regarding why the breach took 12 months to inform, even though the timing of the breach notification indicates the year mentioned in the breach notification might be a typographical error and that the breach happened this year.
Primary Health Care responded swiftly to the breach and ended access to the undermined electronic mail accounts and hired a third-party computer forensics specialist to finalize an inquiry into the attack. The inquiry disclosed that access to 4 electronic mail accounts as well as their linked Google Drives was gotten by the assailant(s), even though it wasn’t possible to say if any electronic mails were copied and if any PHI was seen.
A re-examination of the electronic mail accounts disclosed they included information like patients’ names together with driver’s license numbers, dates of service, credit/debit card numbers, financial account numbers, facilities and providers attended, health insurance/payer information, medical records, treatment information, Social Security details, diagnoses, and in some cases, Medicaid numbers.
No evidence has been found to indicate any information has been incorrectly used, even though as a preventive measure, affected people have been provided one year of identity thievery safety facilities via AllClear for free of charge.
Primary Health Care is presently applying extra safety measures to reinforce the security and privacy of its information structures to evade more breaches of this type.