There have been several healthcare email data breaches reported as of late. These breaches varied in the number of patients affected, however, all of them involved the unauthorized access to PHI. More details about the healthcare email data breaches are discussed.
Elara Caring Unauthorized Access to PHI
In December 2020, Elara Caring discovered that an unauthorized party had access to several of their corporate email accounts. Upon discovering the incident, Elara Caring quickly took steps to prevent further unauthorized access by resetting passwords and securing their systems. They also contracted a third-party cybersecurity firm, and notified law enforcement and the HHS’ OCR.
The investigation uncovered the potential unauthorized access to PHI of 100,487 patients. The unauthorized access to PHI potentially compromised patient names, addresses, Social Security numbers, driver’s license numbers, Employer ID numbers, financial or bank account information, dates of birth, email addresses and passwords, insurance information and insurance account numbers, and passport numbers.
Although there was no evidence that patient or employee data had been accessed, downloaded, or misused by the hacker, Elara Caring is offering one year of identity theft protection and credit monitoring. Potentially affected patients have also received breach notification letters.
Elara Caring has also advised the following:
- Never open links or attachments sent from untrusted or unknown sources.
- Monitor your personal accounts frequently, and promptly report any suspicious activity to your bank or credit provider.
- Change your passwords frequently and never share them with untrusted sources.
Covenant HealthCare Unauthorized Access to PHI
In another incident of unauthorized access to PHI, hackers gained access to Covenant HealthCare’s network through two employee email accounts. Although the accounts were only compromised for less than an hour, the hacker was able to exfiltrate the data of 45,000 patients. The compromised PHI included patient names, addresses, Social Security numbers, and other sensitive information.
Additionally, the FBI discovered Covenant employees’ login credentials and passwords available for sale on the dark web. To prevent similar healthcare email data breaches from occurring in the future, Covenant has increased their network security by implementing multi factor authentication.
