PHI of 8,400 Billings Clinic Patients Compromised Due to Hacked Email Account

The protected health information (PHI) of 8,400 patients, contained in the email account of an employee of Billings Clinic in Billings, MT, was exposed. The clinic's cybersecurity systems detected unusual activity, which led to the discovery of the breach on May 14, 2018. The clinic promptly secured the email account, but an unauthorized individual may already have viewed or copied patients' PHI.

The account contained minimal data. No financial details or Social Security numbers were stored in the email account, so that information remained secure. The data in the account came from patient appointments, specifically those of patients who scheduled appointments for healthcare services from 2008 to 2011.

The compromised data in the account included names, contact information, birth dates, descriptions of healthcare services, medical record numbers, diagnoses and internal financial control numbers. According to the investigation, only this email account was compromised in the breach. Many data breaches like this one are caused by employees who respond to phishing attacks. However, this case did not originate from a phishing attack. The employee had recently traveled overseas on a medical mission. While the employee was away, the unauthorized individual obtained the employee's email login information. It is likely that the individual intercepted the login details when the employee connected to unprotected public Wi-Fi or a fake Wi-Fi hotspot.

Medical organizations must ensure that employees understand the risks of connecting to public Wi-Fi networks. This is especially important if employees are permitted to carry sensitive data on portable devices or to access PHI wirelessly. Employees should connect to the internet only through a virtual private network (VPN). The VPN software needs to be kept up to date, and a web-filtering solution is recommended whenever the account is accessed from outside the company's firewall.

About Christine Garcia
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years' experience writing about healthcare sector issues, with a focus on compliance and cybersecurity. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA