Ciox Health, a healthcare information management company, recently reported that over 12,000 patients had their protected health information (PHI) exposed after an employee email account was breached. This is all the more evidence that HIPAA compliant email is important.
In a notice posted on its website, Ciox Health claims that a hacker gained unauthorized access to an employee email account that contained “limited patient information related to Ciox billing inquiries and/or other customer service requests.” The incident occurred between June 24, 2021 and July 2, 2021. It’s possible that the hacker was able to download emails and attachments within the account.
The sensitive data that was in the account included:
- Patient names
- Provider names
- Dates of birth
- Dates of service
- Social Security numbers
- Driver’s license numbers
- Health insurance information
- Clinical or treatment information
The patient PHI was collected by 32 healthcare providers using Ciox Health services. A full list of affected healthcare providers can be found here.
While healthcare organizations are often victims of targeted attacks, Ciox Health stated that it believes the hacker was “sending phishing emails to individuals unrelated to Ciox, not to access patient information.”
How is Ciox Health responding to the data breach?
The email breach serves as a reminder that business associates need to remain vigilant in keeping employees trained on cybersecurity awareness. Ciox Health plans on enhancing its training to its employees as a result of this incident.
The business associate is also working on identifying and implementing procedures to strengthen its email security. This may mean Ciox Health will look for robust inbound security tools to keep employee inboxes safe from malicious emails.
How can healthcare providers and business associates protect themselves from phishing emails?
Phishing emails are one of the most common threat vectors that hackers use to gain access to email accounts and networks. Paubox Email Suite offers a variety of features to keep your inboxes safe and secure from cyberattacks.
Our Plus and Premium plans have robust inbound security tools that are constantly updated to protect your inboxes from scams, viruses, and phishing attacks. We also have advanced security tools to protect data, including ExecProtect that prevents display name spoofing, and Zero Trust Email for an additional layer of authentication.
HIPAA compliant email and strong email security have never been easier. Our HITRUST CSF certified software has a business associate agreement (BAA) included in every plan, so you can start preparing today to protect your healthcare organization from a cyberattack.