Share this text on:
The Detroit-based Henry Ford Health System has began notifying virtually 18,500 sufferers that a few of their secure well being data has doubtlessly been accessed by means of an unauthorized person.
The breach used to be detected on October three, 2017 when unauthorized get entry to to the e-mail accounts of a number of staff used to be detected. While secure well being data used to be doubtlessly accessed or stolen, the well being machine’s EHR machine used to be no longer compromised at any level. All knowledge used to be confined to the compromised electronic mail accounts.
It is these days unclear precisely how get entry to to the e-mail accounts used to be won. Typically, breaches similar to this contain phishing assaults, the place a couple of emails are despatched to healthcare staff that idiot them into disclosing their login credentials. An interior investigation into the breach is ongoing to resolve the reason for the assault and the way the login credentials of a few of its staff have been stolen.
Henry Ford Health System has carried out a evaluate of all emails within the accounts and has made up our minds that 18,470 sufferers were affected. The emails contained a spread of knowledge on sufferers together with names, scientific file numbers, dates of beginning, supplier’s title, division’s title, location, dates of carrier, scientific diagnoses, and the title of well being insurers. Each affected person impacted by means of the breach had some or the entire above data uncovered. Financial data and Social Security numbers weren’t found in any of the compromised electronic mail accounts.
At this level within the investigation it’s unclear whether or not the one who accessed the accounts seen or stole any data, and whether or not any of the PHI has been used inappropriately.
A spokesperson for Henry Ford Health System stated, “We take very seriously any misuse of patient information, and we are continuing our own internal investigation to determine how this happened and to ensure no other patients are impacted,” and “To reduce future risk of this happening again, we are strengthening our security protections for employees, all of whom will be educated about this measure in the coming weeks.”
Henry Ford Health System may also be reviewing its insurance policies on electronic mail retention and the usage of two-factor authentication.
18,500 Patients PHI Exposed After Multiple Email Accounts Were Compromised