Blue Planet Studio - stock.adobe

Email Hack Results in Health Data Breach in NJ Lab

An email hacking event led to a health data breach for one lab that provides testing for patients across the country.

A New Jersey lab that performs specialized diagnostic testing is notifying patients of a data breach that involves their protected health information (PHI.)  

A2Z Diagnostics, LLC, of Eatontown, issued a notice to patients about the recent cyberattack.  

“A2Z recently notified individuals of a data security incident involving access to certain employee email accounts by unauthorized third parties,” the notice states. “Upon learning of this issue, A2Z promptly secured the impacted email accounts and launched an immediate investigation in consultation with outside cybersecurity professionals who regularly investigate and analyze these types of situations to analyze the extent of any compromise of the email accounts and the security of the emails and attachments contained within them.” 

The forensic investigation and manual document review showed “on June 28, 2021 that one or more of the email accounts accessed between February 2, 2021 and April 2, 2021 contained identifiable personal and/or protected health information. A2Z has no evidence to suggest that any data has been misused or acquired.” 

The impacted email accounts that were hacked in the cyberattack included personal and protected health information (PHI) of patients and included full names, Social Security numbers, dates of birth, driver's license or state identification numbers, medical diagnosis or clinical information, treatment types or locations, doctor name, health insurance information and/or medical procedure information.  

“This incident does not affect all individuals who received testing by A2Z. Beginning on July 28, 2021, A2Z mailed notification letters to each affected individual for whom it has enough information to determine a physical address,” the notice says.  

“The lab is encouraging individuals to monitor insurance statements for any transactions related to care or services that have not actually been received,” it continues.  

Those patients who had their Social Security numbers compromised are eligible for credit monitoring services provided by the lab.  

For further questions regarding this incident A2Z has set up a response line for individuals to ask questions. It can be contacted at 866-991-0871, Monday through Friday, 8 am to 8 pm, Central Time.  

“Since the date of this incident, A2Z has taken significant measures to improve its technical safeguards in order to minimize the risk of a similar incident in the future, including enhancement of its multi-factor authentication software,” the notice concludes. 

Next Steps

Dig Deeper on Cybersecurity strategies