It has been discovered that an unauthorized individual may have viewed the protected health information of 1,128 patients of Compassionate Care Hospice Las Vegas (CCHLV).
During a review on October 28, 2017, CCHLV found that its systems had been accessed without authorization. After finding the breach, CCHLV brought in a third-party forensics company to conduct a thorough investigation to look into breach and identify exactly who may have been affected by it.
While the external company confirmed access to data was possible, no evidence was uncovered to prove that any sensitive information was viewed or stolen by the attacker. However, it was not possible to completely rule out data access and theft with a 100% degree of certainty.
The types of data stored on the parts of the system that could have been accessed included names, dates of birth, addresses, Medicare card details, medical treatment information, health insurance particulars, and archived electronic health records. Financial information was not held on the part of the network compromised in the attack and remained protected at all times.
After discovering the issue, access to the network was blocked, CCHLV finished a comprehensive risk analysis to find possible vulnerabilities to the confidentiality, integrity, and availability of PHI and has reviewed and audited network security policies in line with this. To ensure that any future cyberattacks are found and addressed speedily, CCHLV has now employed intrusion detection and monitoring systems.
CCHLV notified all individuals who may have been affected by mail on December 14, 2017 and contacted the Department of Health and Human Services’ Office for Civil Rights to make them aware of the breach. Additionally, law enforcement agencies were notified and CCHLV is assisting with the investigation on an ongoing basis.
Finally all patients placed in danger by the breach have been offered, free of charge, credit monitoring and identity theft restoration services for a period of 12 months through Kroll.