Metro Infectious Disease Consultants is informing 171,740 patients concerning an email security incident uncovered on June 24, 2021. An unauthorized person had acquired access to some employees’ email accounts which included the protected health information (PHI) of patients.
Upon uncovering the security incident, proper action was promptly undertaken to protect the accounts from further access. Metro Infectious Disease Consultants hired a computer forensics company to find out the nature and extent of the breach. The investigation affirmed that the breach was limited to its email platform and that the affected email accounts included patient information like names, addresses, birth dates, account numbers, insurance data, prescription details, minimal clinical data, driver’s license numbers, and Social Security numbers. The types of information included in the account differed from one person to another.
Metro Infectious Disease Consultants has issued breach notification letters to all people impacted by the incident and provided free credit monitoring and identity theft protection services to all people who had their driver’s license number or Social Security number compromised in the incident.
Metro Infectious Disease Consultants stated there is no reason to think that anyone’s personal data was misused, or that the unauthorized people had accessed the account or obtained patient information; nevertheless, as a safety measure, impacted persons were instructed to continually keep track of their account statements, credit reports, and explanation of benefits statements and be wary of suspicious transactions.
The computer forensics company reviewed the cybersecurity protection of Metro Infectious Disease Consultants and gave suggestions to improve security, which are being carried out to avoid data breaches later on.