Covenant HealthCare, Michigan’s sixth-largest medical facility, suffered a breach of patient data, including contact information and healthcare data, after hackers accessed the email accounts of two employees.
As per reports, the security breach suffered by Covenant HealthCare potentially compromised the health records of nearly 45,000 patients through the breached email accounts. In a security incident notification, the Saginaw, MI-based healthcare provider, said that the two email accounts contained a treasure of patients’ personal and healthcare information.
The exposed data included patient names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical diagnosis, and clinical information, medical treatment information, prescription information, doctors’ names, medical record numbers, patient account numbers, and medical insurance information.
According to Covenant HealthCare, the breach took place in May last year. After the breach was discovered, it engaged external cybersecurity professionals to investigate the incident and determine its fallout. “We have no evidence that any of the information has been misused,†it said, adding that the breach was discovered in December last year.
A spokesperson from Covenant revealed that the FBI found a person on the dark web attempting to sell off login IDs and passwords associated with the hospital chain’s IT network. Carl Heiden, CEO at Heiden Technology Solutions, told WNEM.comOpens a new window , “These hackers take that information and usually don’t exploit it, just sell that info on the dark web. Usually it’s about a dollar or two dollars per information but you’re talking thousands, if not tens of thousands of pieces of information.â€
See Also: 6 Biggest Healthcare Data Breaches of 2020
Covenant HealthCare said it contacted all affected patients on February 19 to inform them about the exposure of their data records and advised them about the steps they need to take to defend against fraud or identity theft. Besides, it also took steps to strengthen the security of its systems.
“We deeply apologize that this incident occurred and will take additional actions to maintain the privacy of personal information in our possession. We are committed to keeping your personal information safe and pledge to continually evaluate and modify our practices and internal controls to enhance security and privacy,†the HPO said.
Covenant HealthCare is offering a no-charge fraud alert and security freeze on credit files of all impacted customers. In addition, it has also listed out new services for all affected patients in its security incident notificationOpens a new window .
How to Protect Your Medical Information
- Only share health insurance cards with the health care providers and other family members covered under your insurance plan.
- Thoroughly review the “explanation of benefits statement†received from the health insurance company.
- Any unrecognized items should be flagged by the insuree and clarified by the insurance company.
- Request for the current year-to-date report of all services paid for the beneficiary (affected party).
Let us know if you liked this news on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!