Eduro Healthcare in Salt Lake City, UT has advised 8,059 individuals regarding the potential exposure of their PHI. In March 2021, the healthcare company found suspicious activity in its network and took quick action to control the breach. The healthcare company applied its incident response plan which allowed it to immediately re-establish network access.
Euro Healthcare mentioned the immediate action undertaken as a reaction to the breach was thought to have stopped unauthorized people from viewing and exfiltrating patient data; nonetheless, on August 24, 2021, Eduro Healthcare uncovered that a number of patient data were exfiltrated and uploaded on a dark web data leak page.
Then began a meticulous process of determining the persons impacted and the types of records that were compromised. That process was concluded on October 21, 2021. The exposed information included last and first names, birth dates, names of provider, date(s) of service, treatment details, medical insurance data, and Social Security numbers. Impacted people have been provided one year of free credit monitoring and identity restoration services via IDX and will be secured by a $1,000,000 identity theft insurance protection plan. Eduro Healthcare has enforced further security controls, carried out a full review of all accounts, toughened password standards, reconfigured its firewall, integrated multi-factor authentication on email accounts, and made updates to its system security methodologies and procedures.
Email Account Breach at Southern Orthopaedic Associates
Southern Orthopaedic Associates (SOA) based in Paducah, KY has begun informing 106,910 patients concerning a breach involving their protected health information (PHI).
SOA discovered unauthorized activity in the email account of a staff member approximately July 8, 2021. The healthcare provider quickly took action to protect the account. An investigation was started to find out the nature and extent of the breach. Aided by a third-party computer forensics firm, SOA confirmed that a few staff email accounts were compromised between June 24, 2021, and July 8, 2021; nevertheless, it wasn’t able to tell which, if any, messages in the account were viewed.
A detailed analysis was done of all email messages and attachments in the breached accounts to ascertain whether they included any protected health information. The evaluation was done on October 21, 2021, and established that the accounts comprised patient names as well as Social Security numbers.
SOA mailed notification letters to the affected persons beginning on December 12, 2021. Complimentary 12-months membership to credit monitoring services via Experian has been provided to affected individuals. Extra safety measures to strengthen email security had been put in place. The employees were given additional security awareness education.