Email hacking leads to potential data breach

September 22nd, 2015 by admin

Oakland Family Services is dealing with a potential PHI data breach after one of its employees’ email was reportedly hacked. The organization reported that an unauthorized individual gained access to an employee email account and possibly viewed patient PHI. According to reports, EMR databases and other agency email accounts and databases were not affected.

The statement mentioned that 16,000 clients will be sent data breach notification letters and that 173 had a Social Security number present in the affected email account.

Affected information includes client names, internal client ID numbers, dates of service and types of service provided. Oakland Family Services added that in a few cases, the emails also included dates of birth, telephone numbers, addresses, diagnoses, health plan ID numbers, insurance numbers and Social Security numbers. Financial information was not included in the email account, the provider added.

“An internal investigation has shown that the rogue user had access to the account for 23 minutes, it is believed with the intent of perpetuating a phishing scheme,” Oakland Family Services explained in a statement. Following a phishing email sent to the employee’s email contacts, none of which were clients, the hacker exited the account.

The incident was discovered on the same day that the hack took place. Oakland Family Services explained that it immediately terminated the hacker’s access to the account.

Oakland Family Services Director of Information Technology David Partlo said in a statement that the provider “maintains an extensive security program to safeguard clients’ PHI.” This includes annual staff trainings, regular third-party audits of the Oakland Family Services security protocol, and strong passwords.

“We took action within 15 minutes of the intruder gaining access to block him or her from the affected email account and based on this incident, even stronger email protocol has been implemented,” Partlo said. “We feel reassured by the fact it doesn’t appear the person gained access in search of PHI, but simply to perpetuate the phishing scheme, based on the amount of time the hacker spent in the account and the actions we know he or she took.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.
