PHI Breach at Management and Network Services and Santa Rosa & Rohnert Park Oral Surgery

Management and Network Services (MNS), LLC based in Dublin, OH provides post-acute healthcare companies with administrative support services. The email accounts of some MNS employees were found to have been compromised.

MNS explained in a May 4, 2020 breach notification letter that it found out on or about August 21, 2019 that a number of employee email accounts were accessed by unauthorized persons from April to July of 2019. The review of the email accounts lately showed that five accounts held the protected health information (PHI) of patients of MNS’
clients.

The data in email messages and attachments differed from person to person and might have included these data elements: name, health treatment data, diagnosis data/codes, medication data, dates of service, insurance company, medical insurance number, birth date, and Social Security number. The State ID card number, driver’s license number, and/or financial account data of some people were also exposed.

MNS has done what is necessary to enhance email security including improving password policies throughout the entire organization and having multi-factor authentication in all email accounts of employees.

The HHS’ Office for Civil Rights breach portal indicates that some PHI of 30,132 patients were exposed.

Email Security Breach at Santa Rosa & Rohnert Park Oral Surgery

Santa Rosa & Rohnert Park Oral Surgery on Portland, OR learned that an unauthorized person accessed an employee’s email account. The provider became aware of the breach on March 11, 2020 after discovering suspicious activity in the email account. The forensic investigators confirmed the breach of the email account on December 20, 2019 and that it was accessible until March 11, 2020 upon the security of the account. The compromised email account contained a variety of PHI which the attacker might have viewed or acquired.

Santa Rosa & Rohnert Park Oral Surgery offered affected persons free MyIDCare credit monitoring and identity theft protection services via ID Experts. Policies and procedures are likewise being reviewed for enhancement, while information security is being improved.

About Christine Garcia 1295 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA