Paubox blog: HIPAA compliant email made easy

Ohio Living suffers HIPAA email breach

Written by Seiji Iwasaki | September 21, 2018

On September 7, 2018,  Ohio Living  submitted a  HIPAA Email Breach to the  U.S. Department of Health and Human Services (HHS). Based in  Columbus, Ohio, Ohio Living’s email breach affected  6,510 individuals’  protected health information. Ohio Living is classified as a Healthcare Provider.

According to  this report about Ohio Living’s breach:

 

What Happened? On July 19, 2018, Ohio Living determined that there were potential unauthorized logins into some Ohio Living employee email accounts.  Previously, on July 10, 2018, Ohio Living became aware of suspicious activity relating to an employee email account. They quickly launched an investigation to determine what may have happened and what information may have been affected. Working together with a leading computer forensics expert, Ohio Living's investigation determined that an unknown individual accessed employee email accounts on July 10, 2018.  Because they were unable to determine which email messages may have been opened or taken by the unauthorized actor, Ohio Living reviewed the email accounts to identify what personal information was stored within them.
 
What Information Was Involved? On September 4, 2018, Ohio Living determined that the affected email accounts contained, and the unauthorized actor may have accessed or acquired, information related to certain individuals who attended an Ohio Living facility, and/or received treatment from an Ohio Living facility, including the following types of information: name, contact information, Social Security number, financial information, date of birth, medical record number, patient identification number, medical and/or clinical information including diagnosis and treatment information, and health insurance information. Ohio Living cannot confirm whether any individual's personal information was actually accessed, viewed, or acquired without permission. They are providing this notification out of an abundance of caution.
 
What They Are Doing. Ohio Living has strict security measures to protect the information in its possession. Upon learning of this incident, they quickly disabled the known impacted employee email account, changed the password, and notified other employees to be on the lookout for suspicious emails. Ohio Living then implemented password resets for all employees. They are currently implementing additional training and education for employees to prevent similar future incidents. 

 

HHS Wall of Shame

 

The  HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights. As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.

 

HIPAA Breach Report

 

The  Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.

 

Try Paubox Email Suite for FREE today.