Earlier this month, Solara Medical Supplies, a California-based company and the largest US independent supplier of medical devices and disposable medical products, reported a months-long data breach.
Who was affected by the breach?
The breach was first discovered on June 28 in a single Office 365 email account. Further investigation revealed that from April 2 to June 20, multiple employee accounts had been compromised, impacting 114,007 patients. The attacker(s) used phishing to access employee accounts and seize patient-related information, though the purpose of the attack remains unclear.
The compromised employee accounts were immediately secured, but a review uncovered the vast range of patient information stolen. The personal data accessed varied by patient, but included name, address, birthdate, Social Security Number, employee ID, health insurance/medical information, passport and/or ID number, Medicare or Medicaid ID, and credit/debit card information. This is a serious problem for all involved in the breach.
What steps did Solara take after discovering the breach?
Once the cyber attack was discovered, Solara took immediate steps to update and strengthen its email security measures. Solara’s policies and procedures on cybersecurity were also assessed and expanded. The company is still in the process of notifying the many affected patients.
Solara will offer each affected patient a complimentary year of credit monitoring and identity theft protection services so that they can remain vigilant against future threats.
Finally, Solara also reported the incident to law enforcement, as well as the necessary state and federal regulators, in order to help fight such scams in the long term.
How can you protect your employees and patients?
Incidents like this one, and others reported by Health IT Security last week, should serve as a reminder to remain vigilant about cybersecurity, especially email threats. Phishing and related email attacks can happen to anyone at any given moment if employees are not always on alert.
Rather than struggle to keep pace with hackers, healthcare providers should be prepared to block and prevent future attacks through up-to-date, recurring employee awareness training and a solid email security plan.
Building a rock-solid email security strategy and training your employees to use it is vital to protecting yourself and your patients.