An unauthorized person accessed the network and server of Compassionate Care Hospice Las Vegas (CCHLV). The protected health information of 1,128 patients was potentially exposed. CCHLV discovered the data breach on October 28, 2017. Hired third-party computer forensics experts investigated the incident to know the nature of the breach and to know all the patients whose PHI had been exposed.
According to the investigative report, there was a possibility of accessed data, but there was no sign that the attacker viewed or stole sensitive information. But it cannot be 100% ruled out that there was no data theft or access. The stored information in the CCHLV network that could have been viewed include the patients’ names, birth dates, addresses, medical treatment data, Medicare numbers, health insurance information and archived digital health records. There was no financial information stored on the compromised network, so all patients’ financial data were secured.
After CCHLV discovered the data breach, access to the network and server were blocked. Steps to identify vulnerabilities of the network system involved a comprehensive risk analysis. The security policies were also reviewed and revised. CCHLV installed tools to detect intrusions and keep monitoring systems. These corrective actions will help keep the confidentiality, integrity and availability of PHI and mitigate cyberattacks quickly.
All affected patients already received notification letters by mail from CCHLV on December 14, 2017. They were also offered free complimentary credit monitoring and identity theft restoration services for one year via Kroll. The incident had been reported to the Department of Health and Human Services’ Office for Civil Rights and the law enforcement which assisted them in the investigation.