Lafayette, Louisiana-based Acadiana Computer Services Inc., provides software and business solutions to the healthcare sector. On July 6, 2018, the company discovered an unauthorized individual had accessed an employee’s email account. Acadiana took steps to prevent further unauthorized access and launched an investigation into the cyberattack. A third party cybersecurity professional was hired to assist with the forensic investigation and determine how access to the account was gained, the extent of the breach and which individuals had been affected.
An analysis of the emails in the account revealed many contained the personally identifiable information and protected health information of patients of several of its clients. The categories of information that could potentially have been accessed was limited to names, contact information, treatment information and medical billing details, and for a limited number of individuals, Social Security numbers.
Acadiana Computer Services notified the Department of Health and Human Services’ Office for Civil Rights about the security breach. The breach summary on the HHS website indicates 31,151 people have been affected. Those individuals had received healthcare services from the healthcare providers listed below:
- LSU Health Sciences Center Shreveport
- Radiology and Interventional Associates of Metairie
- Oceans Acquisition, Inc.
- LSU Healthcare Network
- Poly Ryon (Oakbend) Medical Group
- Southern Surgical
- Truman Medical Centers
- South Louisiana Medical Associates
- Willis-Knighton Medical Center
- University Hospital and Clinics
- University of South Alabama
Acadiana Computer Services has notified all individuals affected by the breach and advised them to monitor their accounts and credit reports for any sign of fraudulent activity. As an additional protection against identity theft and fraud, Acadiana Computer Services is covering the cost of credit monitoring services for the affected patients for 12 months.
Acadiana Computer Services has now taken actions to prevent any further security breaches which includes enhancing email security, providing additional training to its employees, and reviewing and updating its policies and procedures.