Brandywine Pediatrics, P.A in Delaware recently suffered data breach exposing PHI for many patients. Brandone came to know about the incident when it discovered a file server which was locked due to virus.
Facility immediately recovered the files from backup tapes. Also, it started the investigation and took help of a forensic computer expert. This incident has affected certain PHI which includes name, address, and health insurance and medical information.
Brandwine mentioned that there is exposure of health information but it has not found any evidence which suggests that it was misused. It also included in statement that there is no chance of compromise of patients’ Social Security numbers or payment card information.
Affected individuals are notified about the incident and had asked to take steps to protect them. Facility has improved the security of its systems. Also, policies and procedures are reviewed.
Brandwine mentioned that the privacy and protection of the patients is a top priority. It also deeply regret any inconvenience or concern this incident may cause. The number of affected individuals are not mentioned in the statement.
Types of attack to gain database access
Physical theft or loss of the device
Rogue employee or other insiders misusing privileges to gain financial or personal gains
Attacks on website and application by finding weaknesses in coding
Phishing to gain passwords and usernames. Legitimate-looking email are sent to employees
Installing malicious software which misdirects users to fraudulent websites
‘Dedicated Denial of Service’ attacks
Payment card skimmers
Data breaches also occur due to human errors which includes below –
Sending sensitive information to the wrong person by email or fax by mistake
Making information publicly available on a web server or website by mistake
Incorrect disposing of data which also includes paper data
Losing electronic device which contains sensitive data
Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.