Another Health Care Breach Shines Light on Cyber Risks

Another Health Care Breach Shines Light on Cyber Risks

First there was news of Anthem’s massive data breach of nearly 80 million records, followed by Premera’s breach of 11 million records, and more recently of First BlueCross BlueShield in which a cyber attack affected an estimated 1.1 million people and the data compromise that affected 1,000 heart patients at Cleveland-based MetroHealth System. Now the latest healthcare organization hit by a cyber attack is Beacon Health Systems (BHS) in Indiana, which oversees Memorial Hospital in South Bend and Elkhart General Hospital.

The cyber attack at BHS was discovered in March, according to a press release by the organization, with unauthorized access of emails beginning as early as November and the last known access attempt taking place on January of this year. The hacker reportedly gained access to email accounts after BHS employees were fooled into disclosing their login credentials in an email phishing campaign. This exposed personal and protected health information of 220,000 patients. However, BHS reports that it hasn’t yet found any evidence of information being misused.

“While there is no evidence that any sensitive information was actually viewed or removed from the email boxes, BHS confirmed that patient information was located within certain email boxes,” BHS’ news release read. “The majority of accessible information related only to patient name, doctor’s name, internal patient ID number, and patient status (either active or inactive).”

The accessible information included: Social Security number, date of birth, driver’s license number, diagnosis, date of service, and treatment and other medical record information, according to BHS.

BHS has begun notifying affected individuals of the breach via mail. In addition, the health agency is offering affected individuals with access to one year of free identity and credit monitoring and restoration services, along with access to a confidential assistance line and an identity theft protection specialist, noted the South Bend Tribune. According to BHS, it’s also reviewing its policies and procedures and is implementing additional measures to prevent an incident like this from happening again.

With the health care industry so vulnerable to cyber attacks, stepping up security measures is vital. Moreover, reviewing the Cyber Liability insurance in place is critical. Caitlin Morgan can provide you with assistance in securing Cyber protection for your insureds in the health care industry. It’s quite evident that it doesn’t matter how large or small an organization – they are all vulnerable to breaches as cyber criminals mine the valuable data these firms possess.  Give us a call at 877.226.1027 to discuss how we can assist you.


Sources: South Bend Tribune, HIPAA Journal