According to Luxottica, PHI potentially compromised in the breach includes patient names, contact information, appointment dates and times, health insurance policy numbers, and doctor or appointment notes that may indicate information related to eye care treatment, such as prescriptions, health conditions or procedures. Some patients also had their credit card and Social Security numbers exposed in the breach.
Although investigations into the Aetna ACE breach are still underway, it appears as though the PHI accessed in the incident has not been used by threat actors. Patients affected by the Aetna ACE breach will receive breach notification letters in the mail.
Protecting Your Organization Against an Email Breach
Most email breaches occur as a result of phishing attacks. A phishing attack occurs when an unauthorized entity disguises itself as a trusted entity in an attempt to obtain sensitive information. Phishing attacks have become the leading cause of healthcare breaches, and as such, you must prepare your organization against them.
What can you do?
The best answer, besides implementing advanced security tools to detect phishing incidents before someone falls victim, is training employees. Employees should be trained on how to recognize a phishing attempt and how to report a suspected phishing attack.