The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Email Breach at CSI Laboratories Impacts Almost 245,000 Patients

Cytometry Specialists, Inc., doing business as CSI Laboratories in Alpharetta, GA, has recently announced that the email account of an employee has been accessed by an unauthorized individual, who may have viewed or obtained the protected health information of 244,850 patients. CSI Laboratories is a leading cancer testing and diagnostics laboratory that serves pathologists, oncologists, and community hospitals throughout the U.S.

The email account breach was detected on July 8, 2022, and the account was immediately secured. The investigation indicates the purpose of the attack was to use the email account in a business email compromise (BEC) attack rather than to obtain patient information: by posing as CSI using a fictitious email address, the attacker sought to redirect payments from CSI's healthcare provider customers to an account under the attacker's control. However, the breach investigation confirmed on July 15, 2022, that certain files containing patient information had been copied from the employee's mailbox.

The files related to invoices sent to CSI's healthcare provider customers and were most likely obtained to support the BEC scam. The files typically only contained patient names and identifiers (patient numbers), although some files contained further information such as dates of birth and health insurance information. As such, the potential for misuse of patient data is believed to be very low.

In response to the breach, CSI Laboratories has taken steps to enhance the security of its email environment, has provided further training to employees on how to recognize phishing attempts, and has enhanced monitoring of its network and email systems.

CSI Laboratories announced earlier this year that it had suffered a ransomware attack, for which the Conti ransomware gang took credit. The PHI of 312,000 patients was compromised in that attack.

Trillium Health Email Account Breach Exposes PHI of 3,200 Patients

The Rochester, NY-based healthcare provider, Trillium Health, has reported a data security incident that exposed the protected health information of 3,191 patients. On or around August 1, 2022, Trillium Health discovered suspicious activity in the email account of one of its employees. Steps were immediately taken to secure the email account and an investigation was launched to determine the nature and scope of the incident.

Trillium Health confirmed that only one email account was affected and that an unauthorized individual had access to the employee's mailbox for a short period of time on July 26, 2022. During that period of access, the entire contents of the mailbox may have been copied. A review of the emails and attachments confirmed they contained patient information such as names, birth dates, treatment information, medications, diagnoses, and provider information. In very limited instances, more extensive information was potentially compromised.

Trillium Health said it has implemented additional safeguards to prevent further email account breaches, including multi-factor authentication, and has modified its internal email settings.

Keck Medicine of USC Affected by Breach at Business Associate

Keck Medicine of USC has recently announced that it has been affected by a data breach at one of its business associates, Conifer Revenue Cycle Solutions. Conifer provides revenue cycle management and other administrative services, which require access to patient information. On April 14, 2022, Conifer determined that an unauthorized individual had gained access to its Office 365 email environment, which contained the information of patients of its healthcare provider clients.

The information potentially compromised included names, dates of birth, addresses, Social Security numbers, driver's license numbers, state ID numbers, financial account information, medical and/or treatment information (such as medical record numbers, provider names, diagnoses and symptoms, and prescription/medication information), and health insurance information. The data exposed varied from patient to patient.

Keck Medicine said its business associate has enhanced its security controls and monitoring practices and has accelerated the implementation of multi-factor authentication. Complimentary credit monitoring services have been offered to affected individuals.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
