CareATC data breach impacts over 98K patients and employees
by Sara Uzer
CareATC, a population health management company based in Oklahoma, has reported the discovery of an email data breach. The incident exposed the private information of over 98,000 patients, employees, and dependents.
SEE ALSO: HIPAA compliant email
CareATC first came across suspicious activity in an employee’s email account on June 29. This prompted them to partner with forensic experts to launch an investigation, which determined that an unauthorized party had gained access to two email accounts between June 18 and June 29. The organization then conducted a thorough analysis of the content in these inboxes to understand the full scope of the attack.
The review found that only individuals’ names and dates of birth were revealed in the majority of cases. However, additional types of personally identifiable information (PII) and protected health information (PHI) may have been uncovered in other instances. These include Social Security, driver’s license, passport, and US Alien Registration registration numbers, as well as financial credentials, health insurance records, electronic signatures, usernames, passwords, medical history, and treatment details.
How is CareATC responding to the attack?
Although CareATC is not aware of any attempted or successful misuse of information connected to the data breach, the group is sending letters to all individuals whose private data may have been exposed. A designated phone number and mailing address is also provided, which offers an opportunity to ask additional questions and allows those who did not receive a letter to confirm whether they were affected.
Upon learning of the incident, CareATC took immediate steps to secure all email accounts. The organization is also implementing additional measures to prevent a repeat event, such as expanding employee security training and collaborating with external specialists to strengthen the overall safety of its email system.
Ways to minimize your organization’s risk
IBM’s Cost of a Data Breach report found that personal data was the most common type of information revealed in data breaches, representing nearly half (44%) of all attacks between May 2020 and March 2021. Some key strategies that healthcare providers can take to close security gaps include:
- Keep track of where all confidential data is saved and minimize the amount of total storage places.
- Establish a strong password policy and enable two-factor authentication.
- Regularly update all programs, applications, and security software.
- Educate staff on how to avoid, identify, and report email phishing schemes,
As healthcare data breaches continue to evolve, solid safety practices aren’t always enough to protect your sensitive information. This makes it more crucial than ever to stay proactive with stronger email security.
Paubox Email Suite sends HIPAA compliant email by default and automatically encrypts every outbound communication. This eliminates the extra time spent deciding which emails to encrypt and allows patients to conveniently receive your messages right in their inboxes – no password or portal required.
Our Plus and Premium plan levels are also equipped with innovative inbound email security tools that go one step further to block potential threats. ExecProtect works quickly to catch display name spoofing attempts, while our patent-pending Zero Trust Email feature requires multiple identity verifications to ensure that an email is legitimate.