Over 212,500 Patients Affected by Email Account Breach at Florida Digestive Health Specialists

The gastroenterology healthcare provider based in Bradenton, FL called Florida Digestive Health Specialists (FDHS) has lately begun informing over 212,000 patients regarding the exposure of some of their protected health information (PHI) in a cyberattack in December 2020.

Attorney Jason M. Schwent of Clark Hill sent breach notification letters to impacted persons on December 27, 2021. The letters mentioned that suspicious activity was discovered in the email account of an employee on December 16, 2020, and an unauthorized person sent email messages using that account.

This sort of attack, a business email compromise attack, involves an attacker who gets access to an internal email account, normally through a phishing email, and then uses the account to impersonate the worker and convince other persons to perform bogus wire transfers. In this instance, on December 21, 2020, FDHS identified a fraudulent fund transfer to an unidentified bank account.

FDHS hired the expert services of Clark Hill and a third-party cybersecurity company to look into the cyberattack. The investigation affirmed that unauthorized individuals had accessed some employee email accounts. Those email accounts were identified as “voluminous” and included the personal data and protected health information (PHI) of 212,509 individuals. In this type of attack, the goal of the attack is to get payments by means of fake wire transfers instead of acquiring patient information; nevertheless, data theft cannot be excluded.

The amount of information found in the breached email accounts was given as a rationale for the 12-month delay in sending notification letters to impacted patients. FDHS stated the analysis of the email accounts took a long time and just ended on November 19, 2021.

Because of the breach, a number of changes had been done to its IT systems to enhance security. The safety measures comprise of a password reset throughout its IT system, setup of multifactor authentication, fortifying password standards, and re-setting of its firewall.

Impacted persons were given free credit monitoring and identity theft protection services for 12 months.

About Christine Garcia 1297 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA