In one of the largest breaches reported in 2022 so far, SuperCare Health suffered a hacking incident affecting 318,379 patients. The network intrusion was initially detected on July 27, 2021. However, it took SuperCare Health until February 2022 to discover the incident had potentially compromised that patient information. More details regarding the SuperCare Health hack are discussed below.
What Do We Know About the SuperCare Health Hack?
In a statement on SuperCare Health’s website, they provided details regarding the hacking incident, “On July 27, 2021, we discovered unauthorized activity on our systems. In response, we immediately began containment, mitigation, and restoration efforts to terminate the activity and to secure our network, systems, and data. In addition, we retained independent cybersecurity experts to conduct a forensic investigation into the incident and assist us in determining what happened.”
The statement furthered, “The forensic investigation revealed that an unknown party had access to certain systems on our network from July 23, 2021, to July 27, 2021. Based on that information, we worked diligently to identify the potentially affected files and their contents. On February 4, 2022, we determined that the potentially impacted files contained some information relating to certain patients. Please note that to date, we have no reason to believe that any information was published, shared, or misused as a result of this incident.”
Upon initial discovery, it was unclear whether or not protected health information (PHI) was accessed or disclosed during the hacking incident. However, after contracting a third-party forensic firm to investigate, it was found that some of the compromised information included PHI. These files contained names, addresses, dates of birth, hospital or medical group, patient account numbers, medical record numbers, health insurance information, testing/diagnostic/treatment information, other health-related information, and claim information. Social Security numbers and driver’s license numbers were also potentially compromised for some patients.
Patients affected by the SuperCare Health hack were notified via mail on March 25, 2022, and the Department of Health and Human Services was notified on March 28, 2022.
How Can You Prevent Your Practice From Hacking?
Hacking incidents generally occur due to security deficiencies. The best way to protect PHI is by conducting annual security risk assessments (SRA) to identify your security gaps and implementing remediation plans to address gaps. You must also have HIPAA policies and procedures in place that address the HIPAA Security Rule requirements and train employees on those policies and procedures and cybersecurity best practices. In essence, the best way to prevent hacking is through HIPAA compliance.