Scenic Bluffs Community Health Centers Notified 2,889 Patients of PHI Breach

Scenic Bluffs Community Health Centers discovered on March 1, 2018 an email account breach, which resulted to the potential compromise of the protected health information (PHI) of about 2,889 patients. The unauthorized person gained access to an employee’s email account on February 28, 2018. The attacker was able to set up a mail forwarder on the account and forwarded 44 messages to an email address he controlled.

The investigation show that all the forwarded emails did not contain any protected health information and the mail forwarder was immediately deleted upon discovery and the email account was closed. All PHI associated with the account was secured. Although it seemed that the attacker did not obtain any PHI, it is still possible that the attacker viewed the PHI detailed in the emails during the time he had access to the email account.

There’s no clear report regarding how the attacker gained access to the email account. Usually, access to an email account is gained after an employee responds to a phishing email inadvertently disclosing his account login credentials. Another possibility is through the use of a brute force attack, which exploits weak passwords.

Scenic Bluffs Community Health Centers hired a third party cybersecurity firm to assess its network systems. The recommendations on necesary security solutions that the firm will come up with will be implemented to further protect the Community Health Centers’ patient privacy and stop future security breaches.

Scenic Bluffs Community Health Centers mailed breach notification letters on April 23, 2018 to all patients whose PHI was potentially exposed.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/