by Seiji Iwasaki
Article filed in
Reliable respiratory suffers HIPAA email breach
by Seiji Iwasaki
On September 1, 2018, Reliable Respiratorysubmitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).
Based in Norwood, MA, Reliable Respiratory’s email breach affected 21,311 individuals’ protected health information.
Reliable Respiratory is classified as a Healthcare Provider.
According to this report about Reliable Respiratory’s breach:
A cyberattack was suspected on July 3, 2018, following the detection of unusual activity in an employee’s email account. An investigation was launched to determine the cause of that activity, which revealed the employee had been targeted with a phishing campaign. The response to a phishing email resulted in the disclosure of that individual’s login credentials.
The unusual account activity was detected on July 3 and the account was immediately secured. Computer forensic specialists were retained to determine the nature and extent of the breach. The breach investigation confirmed that the account had been accessed by an unauthorized individual between June 28 and July 2. An analysis of the emails contained in the account showed a wide range of protected health information could potentially have been accessed by the attacker.
Patients are now being notified of the breach by mail and have been advised to monitor their account statements and explanation of benefits statements closely for signs of identity theft and fraud. No mention was made in its substitute breach notice about whether credit monitoring and identity theft protection services are being offered to affected patients.
Patients affected by the breach may have had the following types of protected health information exposed: Name, date of birth, medical record number, medical diagnosis, treatment information, medication/prescription information, username and password, patient claim/billing information, health insurance information, driver’s license number, state identification number, Social Security number, passport number, bank or financial account information, and credit or debit card information.
Reliable Respiratory will be implementing additional safeguards to improve the security of its systems and will update its policies and procedures to reduce the risk of experiencing future cyberattacks.
Reliable Respiratory Email Platform
We did an MX record lookup for Reliable Respiratory and determined they are using Microsoft 365 as their email platform.
We have seen an alarming number of Microsoft 365 customers reporting HIPAA Email Breaches in 2018.
HHS Wall of Shame
The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights.
As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.
HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.