Paubox blog: HIPAA compliant email made easy

Elara Caring phishing attack exposes 100,000 patients' data

Written by Sara Nguyen | March 13, 2021

Elara Caring, a home-based care provider, recently announced that patient data may have been exposed after a security breach in December 2020. 

 

What happened?

Elara Caring was the victim of a phishing attack. On December 9, 2020, a phishing email was sent to employees, which enabled a hacker to gain access to several employee accounts. Although Elara Caring detected the unauthorized access the same day, it wasn't able to contain the situation until December 16. Protected health information (PHI) may have been leaked during this data breach. As many as 100,400 patients had sensitive data exposed, including information like:
  • Name
  • Date of birth
  • Address
  • Phone number
  • Financial or bank account information
  • Social Security number
  • Insurance information
  • Driver’s license number

 

Elara Caring claims that there's no evidence that PHI was accessed or misused. Its investigation also concluded that malware wasn't released into its network.

 

How did Elara Caring respond to the data breach?

Elara Caring sent notification letters of the data breach to all affected patients and is offering to pay for a two-year membership of Experian services to monitor for potential fraud. Elara Caring also made many internal changes. Some of these changes include:

 

How can Paubox help you prevent phishing attacks?

Robust cybersecurity is critical to ensuring that you are protecting patient data, but human error repeatedly proves to be the weakest link in the chain. How can you send HIPAA compliant email while making sure human error doesn't cause breaches? That's where Paubox Email Suite Plus comes in. Our inbound security tools stop threats from entering your employees' inboxes, which means they don't even get a chance to expose themselves to phishing, viruses, or spam. It even includes our patented ExecProtect that stops display name spoofing emails. Since Paubox is HITRUST CSR certified, you know that we take HIPAA compliant cybersecurity seriously. We implement safeguards like blanket TLS encryption and two-factor authentication to keep your emails safe. But don't worry—Paubox is easy to use. It can seamlessly integrate with your email provider, including Google Workspace or Microsoft 365. Your employees send emails directly to a patient's inbox. There's no need for client portals or passwords.
 
Try Paubox Email Suite Plus for FREE today.