Phoenix Children’s Hospital, which provides specialty pediatric services, released a notice January 14 to inform the public and its patients about a late 2019 “data incident.”
Who was affected by the breach?
In November 2019, the hospital discovered that between September 5 and 20 an unauthorized third party accessed seven employee email accounts through phishing. According to Phoenix Children’s, the breached email accounts stored limited protected health information (PHI), such as full names. In some instances, patients had their Social Security numbers (SSNs) and certain health information uncovered.
What steps did Phoenix Children’s take after discovering the breach?
Phoenix Children’s sent written notification to 1,860 patients to inform them that someone had stolen certain PHI during the breach. The hospital recommended that affected patients review their financial statements periodically, though the PHI did not include financial information. Those with impacted SSNs received complimentary credit monitoring and identity protection services. Phoenix Children’s emphasized that the hospital was “taking measures to help prevent this type of incident from occurring in the future” without providing specifics. The notice further stated that a comprehensive inquiry is currently underway. The Office for Civil Rights (OCR) lists the hospital on its ‘Cases Currently Under Investigation’ breach list as a hacking/IT incident. Between November 2019 and now, OCR lists close to 100 healthcare organizations and over 1 million patients affected; the largest is PIH Health with 199,548 impacted patients.
How can you protect your employees and patients?
While Phoenix Children’s breach may not have been the largest, it demonstrates the necessity of a strong cybersecurity program and of HIPAA-compliant email. Such incidents should, in fact, serve as a reminder to remain vigilant about cybersecurity. Phishing attacks can happen at any given moment in healthcare, as no amount of PHI is too small for cybercriminals. Take the first steps to ensure HIPAA compliance before a breach occurs by utilizing strong security measures such as email encryption and inbound security with Paubox Email Suite Plus.