PHI Exposed at Cardiac Imaging Associates & Centerstone of Tennessee Email Breaches

Cardiac Imaging Associates, based in Los Angeles, CA, has discovered that an unauthorized person gained access to an employee’s email account. The healthcare provider discovered the incident in April 2022 and immediately secured the email account to stop further unauthorized access. According to the forensic investigation, the incident was limited to one employee email account, which was accessed from March 30, 2022 to April 6, 2022. It was not possible to determine whether the attacker viewed or obtained any email messages or attachments.

An analysis of all email messages and file attachments revealed that they contained protected health information (PHI), including names, birth dates, driver’s license numbers, Social Security numbers, financial account data, payment card details, medical diagnosis and condition data, medical lab data, drug and prescription details, and medical treatment details.

The analysis of the emails was completed on August 17, 2022, and Cardiac Imaging Associates began sending notification letters to impacted patients on October 7, 2022. The provider also took steps to strengthen email system security. It is presently unknown how many individuals were impacted.

Email Breach Impacts 3,675 Centerstone of Tennessee Patients

Centerstone, based in Nashville, TN, offers behavioral health and addiction services. It has announced a breach of its email environment after detecting unusual activity in the email account of one of its employees on February 14, 2022. The investigation revealed that an unknown actor accessed the email accounts of a number of employees from November 4, 2021 to February 14, 2022.

The email accounts were found to contain the personal data and PHI of current and former Centerstone customers. The analysis of the impacted email accounts ended on July 12, 2022, after which a search was conducted to find up-to-date mailing details for those individuals. Centerstone reported the incident to the public on August 15, 2022.

The breached data differed from person to person and might have involved these data types: name, date of birth, address, driver’s license or government ID number, Social Security number, alien registration number, passport number, financial account details, biometric data, username and password, Medicare and/or Medicaid number, medical record number, medical insurance details, and/or medical diagnosis/treatment data.

Centerstone put supplemental safety measures in place to strengthen the security of its email system. The breach report submitted to the HHS’ Office for Civil Rights indicates that 3,675 current and former Centerstone of Tennessee patients were affected.

Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years of experience in writing about healthcare sector issues, with a focus on compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA