Server and Email Hacking Potentially Compromised PHI of Patients

Hacking incidents continue to dominate healthcare data breach reports. One such incident has recently been disclosed by Elmcroft Senior Living Inc. An unauthorized person hacked its servers and gained access to the PHI of patients and current and past residents. This breach happened on May 10, 2018, and was detected on May 12.

The hacker potentially gained access to patients’ and residents’ information that included their names, the names of their family members, dates of birth, addresses, demographic details and Social Security numbers. It is also possible that the hacker accessed the PHI of the healthcare facility’s past residents and patients. Elmcroft Senior Living Inc. has already issued breach notifications to all persons affected by the breach. They have been offered credit and identity theft monitoring services as a precaution.

The other hacking incident involved Care Partners Hospice and Palliative Care. An unauthorized person gained access to an employee’s email account through which the hacker potentially accessed the PHI of 600 patients. Upon discovery of the breach incident on April 11, 2018, a full investigation was launched. The healthcare provider called in a third-party cybersecurity expert to assist with the investigation and find out how the hacker gained access to the email account.

No evidence was identified that suggests PHI was viewed or stolen, although it was not possible to establish that was the case with 100% certainty. Only one email account was affected and no other system was involved. So far, no reports have been received to suggest there has been any misuse of information contained in the email account.

Care Partners Hospice and Palliative Care has taken the necessary steps to improve email and network security to avoid similar incidents from happening in the future.