by Seiji Iwasaki
Article filed in
Guardant Health, Inc. suffers HIPAA email breach
by Seiji Iwasaki
On September 14, 2018, Guardant Health, Inc. submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).
Based in Redwood City, California, Guardant Health’s email breach affected 1,112 individuals’ protected health information.
Liquid Biopsy specialist, Guardant Health faced a cybersecurity attack about two months ago, according to an SEC filing for the firm’s initial public offering. The Redwood City, CA-based company said that private information from about 1,100 individuals was compromised.
“In July 2018, we experienced a security incident involving a phishing attack, and an unauthorized user obtained access to an email account of one of our employees,” the company said, according to the filing. “We have engaged an independent cybersecurity firm to conduct an investigation of the incident, and while the forensic investigation is still ongoing, it appears that the incident resulted in the unauthorized access of information, including PHI, over a five-day period, relating to approximately 1,100 individuals. The information accessed primarily includes patients’ names, contact information, birth dates, medical diagnosis codes, and, in a very limited number of cases, Social Security numbers.”
…A company spokesman said in an email Monday morning to the San Francisco Business Times that the incident remains under investigation and “we can’t comment further at this time.”
Guardant said it hired an unidentified cybersecurity firm to conduct an investigation.
“We continue to analyze the information that was accessed and intend to take additional steps to prevent future unauthorized access to our system and the data we maintain,” the company said in its IPO filing, “but we cannot guarantee that additional incidents will be avoided.”
HHS Wall of Shame
The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights.
As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.
HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.