PHI Exposed Due to Breaches at Elara Caring, Cornerstone Care and ProPath

Mar 10, 2021 | Compliance News

Elara Caring, one of the United States’ biggest home-based medical care services providers, has experienced a phishing attack that affected about 100,000 patients.

In the middle of December, the provider discovered suspicious activity in a few employee email accounts. It took immediate action to secure the accounts and cut off the attackers' access to them. A third-party cyber security company assisted with the investigation of the incident.

The investigation established that an unauthorized individual accessed a number of employee email accounts. No evidence was uncovered indicating that the attackers accessed or acquired any patient data in the email accounts, but theft of information could not be excluded.

An analysis of the breached email accounts showed they contained the sensitive data of 100,487 patients, including names, dates of birth, Employer ID numbers, Social Security numbers, driver’s license numbers, financial/bank account details, passport numbers, home addresses, email addresses and security passwords, insurance data, and insurance account numbers. Elara Caring offered the people impacted by the incident complimentary credit monitoring and identity protection services.

The provider also took action to strengthen data security and has provided supplemental training about cybersecurity to its staff members.

Email Account Breach at Cornerstone Care Affects 11,487 Individuals

An unauthorized person accessed an email account holding the PHI of 11,487 patients receiving services from Cornerstone Care community health centers based in northern West Virginia and southwestern Pennsylvania.

The company discovered the email account incident on June 1, 2020 and engaged third-party security professionals to help investigate the breach. It was established that the breach affected only one company email account. An evaluation of the PHI contained in the account was completed on January 13, 2021.

The account held the names and addresses of patients plus, for a number of people, birth date, Social Security number, medical record, illness, treatment method, diagnosis, and/or medical insurance data. People whose Social Security number was affected received free credit monitoring and identity theft protection services.

Cornerstone Care mailed notifications to the impacted persons on February 25, 2021. It has also implemented multi-factor authentication on its email accounts.

ProPath Email Accounts Viewed by an Unauthorized Person

ProPath, the major nationwide, fully physician-owned pathology practice in the United States, has discovered that an unauthorized person gained access to two email accounts that contain patient data.

The unauthorized individual had access to the email accounts from May 4, 2020 to September 14, 2020. ProPath discovered on January 28, 2021 that the PHI in the email accounts included the names of patients, birth dates, test orders, medical diagnosis and/or clinical treatment data, medical procedure details, and doctor name. The Social Security number, financial account details, driver’s license number, health insurance details, and/or passport number of some people were likewise compromised.

People whose Social Security number was exposed were provided credit monitoring services at no cost. Staff members have received more training to help them identify malicious messages, and more technical safety measures have already been put in place.

It’s not yet confirmed how many persons the incident affected. ProPath said that many people who obtained testing from the provider were not impacted by the breach.
