25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

JASACare Email System Breach Impacts 1,154 Patients

Posted By on Mar 24, 2016

JASACare, a New York-based home care services provider, has reported it has been attacked by hackers who managed to gain access to its email system. The attack is believed to have been conducted in order to steal money from corporate accounts by making fraudulent bank transfers. However, as a consequence of the breach of an employee’s email account, patient and employee data was potentially compromised.

The attack took place on January 29, 2016., with the breach lasting for under two hours. Rapid identification of the attack is believed to have severely limited the opportunity for any harm to be caused to employees and patients.

However, the possibility exists that data was viewed or copied by the attackers during the time they had access to the email account. JASACare has reported that no evidence has been uncovered to suggest that was the case, or that any data were actually downloaded by the attackers. As soon as the email system compromise was discovered, access was blocked by changing the password of the compromised account.

An analysis of the compromised email account revealed that 1,154 individuals had potentially been affected. The types of data potentially accessed by the attackers included names, addresses, phone numbers, dates of birth, health insurance information, Social Security numbers, and JASACare account balances. All patients and staff members affected by the security incident are in the process of being notified of the possible breach of their data. JASACare has also committed to provide all affected individuals with a year of credit monitoring services without charge.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

It is not clear from the substitute breach notice on the company website how the attackers managed to obtain login credentials to access the email account. However, JASACare has reported that the incident has prompted a security review and additional protections will be put in place to prevent similar breaches from occurring in the future.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Prevent HIPAA Email Violations

Avoid the common misunderstandings and implementation errors relating to HIPAA email.

Learn more