The South Denver Cardiology Associates (SDCA) suffered a data breach that potentially exposed the protected health information (PHI) of 287,652 patients. As part of HIPAA compliance, the data breach was reported to the HHS Office of Civil Rights (OCR) and all impacted patients were notified within 90 days of detection.
SDCA noticed unusual network activity on January 4, 2022. An incident response plan was implemented, which involved securing the network and shutting off select computer systems.
An investigation conducted with the assistance of a computer forensic firm determined that an unauthorized individual had access to the network between January 2 and January 5. The person had access to certain files that contained patient information.
These files contained patients’ names, dates of birth, Social Security numbers, driver’s license numbers, patient account numbers, health insurance information, and clinical information, such as physician names, dates and types of service, and diagnoses. Neither patient medical records nor the patient portal were impacted.
SDCA plans on enhancing security measures, although no specific protocols were mentioned. “Events of this nature are affecting an increasing number of companies in the U.S. and around the world,” said SDCA in a statement. “The federal government, law enforcement, and industry experts are working in tandem to address this activity.”
The rising threat of healthcare cyberattacks
Healthcare organizations are at particular risk of being targeted by cybercriminals. Lisa J. Pino, Director of the OCR, released a statement that the recent rise of cyberattacks means that covered entities and business associates should prioritize enterprise-wide risk analysis.
The American Hospital Association (AHA) has also cautioned that healthcare organizations need to maintain a proactive cybersecurity approach due to the Russian invasion of Ukraine.
To combat cybersecurity threats, the U.S. federal government and law enforcement created the cryptocurrency crime unit and the ransomware and digital extortion task force.
Cybersecurity is a developing landscape, and healthcare organizations must have an updated and robust cybersecurity system in place to ward off attacks.
Malicious emails are one of the most common threat vectors that cybercriminals use to gain access to a network. A single employee mistakenly interacting with a phishing email can potentially cause a data breach.
Protecting your employees from malicious emails is one effective way of blocking potential threats. Paubox Email Suite Plus can detect phishing emails, spam, viruses, and malware, and then quarantine those emails. They won’t be delivered to your employees’ inboxes, which means human error won’t cause cybercriminals to infiltrate your network.