An in -depth review of the email account showed it included names, dates of birth, health insurance information, Social Security numbers, prescription details, treatment information, and clinical data like diagnoses and provider identities.
Individuals impacted by the breach were made aware on February 10, 2020. Complimentary credit monitoring services have been offered to individuals whose Social Security number was exposed.
The breach lead Confido conducting additional security awareness training to its employees and additional procedures have been introduced to strengthen email security.
Meanwhile Healthcare Resource Group, a supplier of billing services to Barlow Respiratory Hospital in Los Angeles, CA, discovered that an employee’s email account was hacked by an unauthorized individual. An investigation was carried out which showed that the email account was accessed between November 4, 2019 and November 30, 2019.
A review of the email account showed emails and attachments contained a limited amount of protected health information of current and previous Barlow Respiratory Hospital patients.
A third-party company was hired to review the account to determine what range of information had been compromised. The review was finished on February 27, 2020 and showed patient names had been exposed along with one or more of the following data elements: Date of birth, Social Security information, driver’s license number, medical record number, patient account number, health insurance data, treatment specifics, and medical billing or claims details.
Healthcare Resource Group issued notifications to impacted clients on behalf of Barlow Respiratory Hospital on April 7, 2020. One year’s subscription to credit monitoring and identity theft restoration services has been offered to impacted patients.