Gorodenkoff - stock.adobe.com
3 Latest Email Security Breaches Impact PHI
A surgery center in Texas, a hospice provider in Alabama, and a university in Florida all recently reported healthcare data breaches that stemmed from email security incidents.
Email security breaches continue to lead to compromised protected health information (PHI) and widespread breach notifications, as exemplified by the three recently-reported breaches detailed below.
Live Oak Surgery Center Reports Breach
Live Oak Surgery Center, a surgery center in Plano, Texas, reported a breach to HHS impacting 5,264 individuals. According to a notice on its website, Live Oak recently discovered suspicious activity within its email environment.
Further investigation revealed that an unauthorized party accessed two employee email accounts between August 10 and September 27, 2022.
The email accounts contained names, financial account information, Social Security numbers, driver’s license numbers, usernames and passwords, medical information, payment card information, dates of birth, health insurance information, and passport numbers. Live Oak said it could not determine what emails and attachments, if any, were viewed by the unauthorized party.
“Since discovery of the event, we implemented additional security measures to further protect information,” Live Oak noted.
University of Miami Suffers Data Security Incident
A University of Miami employee experienced identity theft, leading to a compromise of their UM email account, the University of Miami Health System informed patients.
The unauthorized access impacted a limited number of UHealth patients due to the fact that the email account contained some patient names and medical record numbers.
“Upon learning of this incident, we took swift action to investigate, remediate the compromised account and block the intrusion. All patients have been sent a notification,” UHealth explained.
UHealth said it had no reason to believe that any patient information had been or will be used inappropriately, but urged patients to remain vigilant.
Alabama Hospice Provider Suffers Breach
Legacy Hospice in Alabama notified 21,202 individuals of a breach that stemmed from unauthorized access to a limited number of employee email accounts. The access occurred on February 11, 2022 and again between April 7 and April 21.
However, Legacy Hospice did not discover the breach until November, according to a breach submission on the Maine Attorney General’s Office website. The breach involved names, Social Security numbers, and protected health information.
“Please accept our apologies that this incident occurred. We are committed to maintaining the privacy of personal and protected health information in our possession and have taken many precautions to safeguard it,” the notice stated.
“We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal and protected health information.”