The HIPAA Guide - Celebrating Over 15 Years Online

1,790 Patients Impacted by Phishing Attack on Drug and Alcohol Treatment Center in Los Angeles

August 31, 2018HIPAA Breaches, Violations, and Fines0

Authentic Recovery Center, a drug and alcohol treatment center based in West Los Angeles, recently experienced a phishing attack that resulted in the the personally identifiable information (PII) and protected health information (PHI) of 1,790 individuals being exposed.

Authentic Recovery Center discovered the phishing attack on June 21, 2018 and immediately launched a full investigation. The investigation confirmed that the breach was limited to a single email account. All other email accounts and systems remained secure at all times.

An employee responded to the phishing email and disclosed login credentials which were used by the attacker to access the account. The unauthorized access occurred on June 7, 2018 and access remained possible until the email account was secured on June 21. During that time it is possible that emails in the account were viewed and, potentially, the mailbox could have been downloaded. No evidence of misuse of patient and employee information was found.

An analysis of the compromised account revealed it contained the PII and PHI of clients and employees in messages and email attachments. Employee information accessible through the account was limited to names and driver’s license numbers, with the exception of two individuals who also had their addresses, contact telephone numbers, dates of birth, and Social Security numbers exposed.

For almost all individuals impacted by the breach, the risk of identity theft and fraud is low due to the types of information exposed. As a precaution, all individuals affected by the breach were provided with free credit monitoring services for 12 months. It was additionally recommended that impacted people should check their credit reports for any sign of fraudulent activity.

Authentic Recover Center has implemented additional controls to protect its email accounts and employees have been provided with additional HIPAA training on securing sensitive information and data systems.

HIPAA
Compliance
Checklist

Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/

Copyright © 2007-2024 The HIPAA Guide       Site Map      Privacy Policy       About The HIPAA Guide       Terms and Conditions       Accessibility Statement