CareATC Email Accounts Accessed by Unauthorized Individuals
CareATC, a Tulsa, OK-based population health management company, has discovered the email accounts of two employees have been accessed by unauthorized individuals, who potentially gained access to the personal information of patients and employees.
CareATC launched an investigation on June 29, 2021 when suspicious activity was detected in the email account of an employee. Third-party forensics specialists were engaged to assist with the investigation and determine the extent and scope of the security breach. That investigation revealed a second email account had also been compromised, with the two email accounts subject to unauthorized access between June 18 and June 29, 2021.
Upon discovery of the compromised email accounts steps were taken to block any further unauthorized access, and a comprehensive review was conducted to determine which patient data had been exposed. The review was completed around August 11, 2021.
For the majority of affected individuals – which include patients, employees, and dependents of patients and employees – the information in the compromised email accounts was limited to names and dates of birth. Other individuals also had one or more of the following data elements exposed in addition to their name: Social Security number, driver’s license number, date of birth, financial account information, medical history and treatment information, health insurance information, passport number, US Alien Registration number, electronic/digital signature, and username and password.
Notifications have now been sent to affected individuals for whom valid mailing addresses were maintained. CareATC has been working with third-party cybersecurity specialists to improve email security, and steps have already been taken to strengthen the security of its email system. CareATC also said employees have been provided with additional email security training.
The breach summary on the Department of Health and Human Services’ Office for Civil Rights breach portal indicates 98,774 patients were affected by the breach.