Email Account Breaches at Alameda Health System, EyeMed Vision Care and Century Specialty Script

Alameda Health System (AHS), based in Alameda, CA, a provider of inpatient, outpatient, emergency, and wellness services around the East Bay area, became aware that an unauthorized individual had briefly gained access to an employee’s email account.

AHS found that the account had been accessed for a short time on April 8, 2020. The healthcare provider identified the security breach on June 17, 2020.

With the assistance of a top forensic security company, AHS confirmed the potential exposure of the following types of data: names, birth dates, appointment times, medical record numbers, limited medical data, medical insurance details, driver’s license numbers, and Social Security numbers.

AHS and the forensic investigators did not uncover any proof of theft or misuse of any information for the purpose of identity theft or fraud. However, as a safety measure, AHS offered a free membership to credit monitoring and identity theft protection services to the people whose Social Security numbers were possibly exposed.

AHS submitted the breach report to HHS’ Office for Civil Rights and indicated that 2,691 persons were impacted by the data breach.

Email Account Breach at EyeMed Vision Care

EyeMed Vision Care LLC, a vision benefits firm located in Ohio, discovered unauthorized access to its corporate email mailbox. The unauthorized person used the account to distribute phishing emails to contacts in the address book. On July 1, 2020, EyeMed Vision Care discovered the breach and secured the account immediately.

A breach investigation confirmed that the unauthorized person gained access to the email account on June 24, 2020. The email account held the electronic protected health information (ePHI) of people who currently receive or formerly received vision benefits from EyeMed. The email account contained the following information: names, dates of birth, email addresses, addresses, telephone numbers, and vision insurance account/identification numbers. Some persons also had their diagnoses and eye conditions, treatment data, and full or partial Social Security numbers included in the account.

It wasn’t possible to ascertain whether any of the details were viewed or obtained by the hacker during the time the email account was accessible. Nevertheless, no information has been received that indicates the misuse of any data. EyeMed Vision Care provided the affected people with a complimentary two-year membership to credit monitoring and identity protection services.

EyeMed has since provided its workers with extra security awareness HIPAA training and has implemented stricter security procedures for authorized access to its network.

Email Security Breach at Century Specialty Script

Century Specialty Script, LLC, a specialty pharmacy in New York, found out that one of its employees’ Office 365 accounts was accessed by an unauthorized person. The pharmacy became aware of the breach on or around July 28, 2020 and secured the account right away.

A forensic investigation company investigated the breach and confirmed that the attacker had access to just one Office 365 account. Only the Office 365 environment was affected by the breach. As a safety measure, all Office 365 account passwords were changed.

The email account contained these data elements: names, birth dates, addresses, contact details, prescription data, and insurance details. The forensic investigation company could not determine whether the attacker obtained any data in the account.

Because of the breach, Century Specialty Script took steps to improve email security to prevent similar breaches in the future.

About Christine Garcia
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years of experience in writing about healthcare sector issues, with a focus on compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations.