Thousands of Choice Rehabilitation Inhabitants Affected by Email Account Break

January 10, 2019

After a worker organized a mail forwarder to transmit electronic mails to a private electronic mail account, Choice Restoration of Creve Coeur, MO has found an illegal person unlawfully logged into that company electronic mail account.

The breach happened on July 1, 2018 and the post forwarder was permitted until September 30, 2018. A detailed evaluation of the electronic mail account demonstrated the protected health information of some inhabitants was included in invoicing papers attached to electronic mails that had been transmitted to its allied skilled nursing centers.

Extremely confidential information including fiscal data, Social Security numbers, Medicare and Medicaid numbers, birth dates and contact information remained continuously protected. The breach was limited to invoicing data related to real, speech, and occupational therapy provided to patients such as names, billing codes, treatment information, diagnoses, start and end dates of therapy, medical record numbers, payer details, and the name of the facility where care was provided.

Upon seeing the break, access to the compromised electronic mail account was ended, the mail forwarder was disabled and the private electronic mail account used by the hacker has been disabled. Choice Rehabilitation warned other company users concerning the breach and reminded them of safety protections to stop illegal account access. Safety consciousness training will carry on to be regularly provided to staff members. Increased protections have also been put in place to improve electronic mail and network safety and checking of company electronic mails accounts has been reinforced.

Choice Rehabilitation hasn’t seen any proof to indicate the forwarded electronic mails were opened by the hacker. Because of the type of the PHI that was possibly retrieved, Choice Rehabilitation is of the view the risk of PHI abuse is minimal.

The breach report on the Division of Health and Human Services’ Office for Civil Rights (OCR) breach portal says that up to 4,309 people have probably been impacted.