The protected health information of 1,128 clients of Compassionate Care Hospice Las Vegas (CCHLV) may have been accessed by an unauthorized individual person.
The person in question obtained gained access to the company’s may have viewed the content of the servers.
CCHLV discovered the violation on Mits network on October 28, 2017. The server was accessed by an unauthorized individual. CCHLV hired a firm specializing in forensics to carry out a full review to determine the nature of the breach and to identify all patients who were potentially harmed.
While the review confirmed access to data was possible, nothing was there to suggest any sensitive information was viewed or stolen by the unauthorized. However, it was not possible to completely rule out data access and theft with 100% degree of certainty.
The sort of information held on the parts of the network in question included names, dates of birth, addresses, Medicare numbers, medical treatment information, health insurance information, and archived electronic health files. Financial electronic data was not stored on the part of the network violated in the attack and remained secure at all times.
Once access to the network and server had been restored with adequate proctection in place, CCHLV ran a comprehensive risk analysis to identify potential vulnerabilities to the confidentiality, integrity, and availability of PHI and has reviewed and revised network security policies to bring this up to speed. To ensure that any future cyberattacks are noticed and addressed speedily, CCHLV has now utilized intrusion detection and monitoring systems.
CCHLV notified all those affected by mail on December 14, 2017 and reported the breach incident to the Department of Health and Human Services’ Office for Civil Rights. Following the discovery of the attack, law enforcement was made aware and CCHLV is continuing to help out with the ongoing investigation.
As an additional safeguard, all patients potentially damaged by the breach have been offered complimentary credit monitoring and identity theft restoration services for 12 months through the company Kroll.