Metro Infectious Disease Consultants falls victim to an email breach

Featured image

Share this article

Metro Infectious Disease Consultants falls victim to an email breach - Paubox

Metro Infectious Disease Consultants (MIDC) has fallen victim to an email breach. MIDC consists of over 100 infectious disease physicians with locations in Illinois, Alabama, Arizona, Georgia, Michigan, Missouri, and Kansas.

Unfortunately, there has been an uptick in email breaches recently, resulting in the exposure of personally identifiable information (PII) and protected health information (PHI).

For covered entities and their business associates, employing strong email security (i.e., HIPAA compliant email) along with other cybersecurity methods is the safest way to combat email breaches.

What happened?

According to MIDC’s incident notice, the breach occurred on June 24 when an unauthorized third party gained access to employee email accounts. More than likely the hackers gained access via a successful email phishing attack.

Upon learning of the incident, MIDC secured the compromised email accounts to prevent further exposure. The organization also hired a third-party forensic firm to investigate the security of its email and computer systems.

While MIDC does not believe the threat actor viewed or acquired PHI, the stolen emails did contain names, addresses, dates of birth, Social Security numbers (SSNs), driver’s license numbers, account numbers, insurance information, prescription information, and limited clinical information.

According to OCR’s Breach portal, the hacking/IT incident affected 171,740 individuals. MIDC has notified all affected individuals and arranged for complimentary credit monitoring for those whose SSNs and/or driver’s license numbers were impacted.

Email breaches

Email is the most accessible threat vector (or entry point) into any computer/network. Phishing, also known as email spoofing or email impersonation, involves a malicious attempt to trick victims into giving up personal and/or online account information.

RELATEDPhishing attacks wreak havoc on healthcare providers

Phishing is a major cause of breaches today because of how easy it is to use social engineering techniques to trick a victim.

Such malicious emails can be targeted (spear phishing) or sent en masse (spam) and often contain malware that spreads throughout a system shutting a network down or encrypting/stealing data.

The outcome depends on what the cyber attacker was after, including sabotage, information, or a ransom.

Healthcare data breaches

CISA (the U.S. Cybersecurity & Infrastructure Security Agency) recently put out a fact sheet on preventing ransomware attacks in part because of recent high-profile attacks on healthcare organizations.

Moreover, a new report has revealed that smaller, outpatient facilities (like MIDC) and business associate attacks are increasing. Healthcare, and these two groups in particular, is a prime target for email breaches for two main reasons: the general lax state of cybersecurity and overworked staff.

RELATEDWhat you don’t know about cybersecurity can put your business at risk

Unfortunately, human error is unavoidable because tired or unaware employees are easy to compromise and not likely to be up-to-date on cyber risks. On the other hand, healthcare providers can (and should) fix cybersecurity issues.

Prevent cyber mistakes

Cybersecurity is something that healthcare organizations of all sizes can strengthen by using a layered approach that includes:

  • Up-to-date and consistent policies and procedures
  • Continuous employee awareness training
  • Strong technical and physical access controls
  • Offline backups
  • Patched and updated systems and devices

And according to CISA’s fact sheet, risk management and breach plans, network segmentation, and encryption as well.

Moreover, no cybersecurity program is complete without solid email security.

Paubox Email Suite Plus is HITRUST CSF certified security software that protects email from inbound and outbound threats. All outbound emails are encrypted directly from your existing email platform (such as Microsoft 365 and Google Workspace), requiring no change in email behavior. No extra logins, passwords, or portals for your or your email recipients.

Our solution also reviews incoming emails for potential threats and quarantines anything that raises a red flag. Paubox’s patent-pending Zero Trust Email feature applies the Zero Trust security framework to email, requiring additional proof of legitimacy before delivering any message.

With the right tools in place, all healthcare providers can safeguard themselves, their employees, and their patients’ PHI.

Try Paubox Email Suite Plus for FREE today.
Author Photo

About the author

Kapua Iao

Read more by Kapua Iao

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022