Acadiana Computer Systems Phishing Attack Impacts 31,000 Individuals

Lafayette, Louisiana-based Acadiana Computer Services Inc., provides software and business solutions to the healthcare sector. On July 6, 2018, the company discovered an unauthorized individual had accessed an employee’s email account. Acadiana took steps to prevent further unauthorized access and launched an investigation into the cyberattack. A third party cybersecurity professional was hired to assist with the forensic investigation and determine how access to the account was gained, the extent of the breach and which individuals had been affected.

An analysis of the emails in the account revealed many contained the personally identifiable information and protected health information of patients of several of its clients. The categories of information that could potentially have been accessed was limited to names, contact information, treatment information and medical billing details, and for a limited number of individuals, Social Security numbers.

Acadiana Computer Services notified the Department of Health and Human Services’ Office for Civil Rights about the security breach. The breach summary on the HHS website indicates 31,151 people have been affected. Those individuals had received healthcare services from the healthcare providers listed below:

  • LSU Health Sciences Center Shreveport
  • Radiology and Interventional Associates of Metairie
  • Oceans Acquisition, Inc.
  • LSU Healthcare Network
  • Poly Ryon (Oakbend) Medical Group
  • Southern Surgical
  • Truman Medical Centers
  • South Louisiana Medical Associates
  • Willis-Knighton Medical Center
  • University Hospital and Clinics
  • University of South Alabama

Acadiana Computer Services has notified all individuals affected by the breach and advised them to monitor their accounts and credit reports for any sign of fraudulent activity. As an additional protection against identity theft and fraud, Acadiana Computer Services is covering the cost of credit monitoring services for the affected patients for 12 months.

Acadiana Computer Services has now taken actions to prevent any further security breaches which includes enhancing email security, providing additional HIPAA training to its employees, and reviewing and updating its policies and procedures.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/