The personal data of some 42,000 patients may have been criminally exposed for three months after several employees of a Florida-based health insurance provider experienced phishing attacks.
Officials at Health First, Rockledge, FL, recently notified customers about the breach, which was reported to the Department of Health and Human Services in October, according to a report by HealthITSecurity.com, a site that covers news related to HIPAA compliance, cyber security, and privacy. The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, phishing has become an increasing concern impacting the healthcare industry. In its 2017 Data Vulnerability Report, INTERMEDIA, a cloud-based email provider based in Mountain View, CA, surveyed 1,000 information technology (IT) employees and found that 25% of them admitted to being fooled by a phishing scam, that 31% were not familiar with ransomware, and that 30% of these office workers said they did not receive regular training on how to deal with cyber threats.
Once theses specific cyber attacks were discovered, officials blocked access to the impacted accounts and changed the passwords, and new security measures have been implemented, according to the report.
Despite the exposure to patients, only a limited number of emails were said to have been viewed. All affected patients have reportedly been notified of the breach and that their protected health information, generally defined as information about health status, provision of healthcare, or payment for healthcare that can be linked to a specific individual, may have been compromised.