25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Sound Community Services Discovers Email Account Breach

Posted By on Jun 14, 2017

New London, CT-based Sound Community Services Inc., a not-for-profit provider of education, support and assistance for individuals with persistent mental illness and/or substance abuse disorders has discovered an unauthorized individual has gained access to an employee’s email account.

Suspicious activity was detected on the email account on January 13, 2017. An investigation was immediately launched and access to the email account was blocked. The investigators determined access to the email account had been gained the previous day.

A forensic investigation into the security breach was conducted, although the identity of the unauthorized individual could not be determined. The email account was discovered to contained the protected health information of 1,278 individuals.

No information has been released detailing how the unauthorized individual gained access to the email account, although this type of security breach is commonly caused as a result of employees responding to phishing emails and disclosing their email credentials.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

While it is possible that patient information was accessed by the unauthorized individual, no evidence has been uncovered to suggest emails in the account were opened and viewed and no reports have been received to suggest any exposed information has been obtained and misused. Fortunately, the information in the emails was limited, with only names and client numbers exposed. One individual also had details of referring information exposed.

The review of the email accounts was only completed on April 18, hence the delay in issuing notifications. The Department of Health and Human Services’ Office for Civil Rights was notified of the breach on May 26.

Even though the information exposed was limited, all affected individuals have been offered 24 months of identity protection services without charge. Those individuals are being notified of the breach by mail and are being provided with background information on the incident.

Sound Community Services will be implementing new controls to ensure similar incidents are prevented in the future.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Prevent HIPAA Email Violations

Avoid the common misunderstandings and implementation errors relating to HIPAA email.

Learn more