Catawba Valley Medical Center suffers HIPAA email breach

Featured image

Share this article

hipaa email breach, hipaa email data breach, paubox hipaa breach report

On October 12, 2018, Catawba Valley Medical Center submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).

Based in Hickory, North Carolina, Catawba Valley Medical Center’s email breach affected 20,000 individuals’ protected health information.

Catawba Valley Medical Center is classified as a Healthcare Provider
According to this report about Catawba Valley Medical Center’s breach:

On August 13, 2018, Catawba Valley Medical Center (CVMC) in Hickory, NC discovered an unauthorised individual accessed the email account of a CVMC employee. Upon discovery of the email breach, steps were taken to secure the account and prevent further access and a third-party computer forensics firm was called in to assist with the investigation and determine the extent of the breach.

That investigation revealed that between July 4 and August 17, 2018, three employees’ email accounts had been compromised after the employees responded to phishing emails. Some of the emails in those accounts contained patients’ protected health information including names, dates of birth, details of medical services received at CVMC, health insurance details, and for certain patients, Social Security numbers.

No evidence was found to suggest that any emails had been accessed or copied and no information has been received to suggest patient health information has been misused in any way.

The phishing incidents have prompted CVMC to hire security experts to enhance employee education, more robust email security controls have been implemented, and CVMC will continue to upgrade hardware and software as appropriate to repel malicious threats.

All patients whose protected health information may have been compromised as a result of the email account breaches were notified by mail on October 12, 2018.

The breach summary on the HHS’ Office for Civil Rights’ breach portal indicates up to 20,000 patients have potentially been affected by the email account breaches.

HHS Wall of Shame

The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights.

As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.

HIPAA Breach Report

The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Seiji Iwasaki

Read more by Seiji Iwasaki

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022