Email Accounts Compromised at Aveanna Healthcare and UNC Hospitals & School of Medicine
Email accounts have been compromised at the Georgia home health provider Aveanna Healthcare and UNC Hospitals and School of Medicine in North Carolina. Patient data has been exposed and potentially stolen in the attacks.
Aveanna Healthcare
Aveanna Healthcare, an Atlanta, GA, provider of home health and hospice care, has announced a security breach of its email environment and the exposure of the data of 65,482 patients. Anomalous activity was identified in an employee email account on September 22, 2023. The account was immediately secured, and an investigation was launched to determine the nature of the activity, and whether patient data had been exposed or stolen.
The investigation confirmed that an unauthorized third party had gained access to its email environment and potentially obtained files that contained patient information. Third-party specialists were engaged to review the affected files to determine the individuals affected and the types of data that may have been compromised. That process was completed on March 12, 2024, and notification letters started to be mailed to the affected individuals on March 15, 2024. The affected individuals have been offered complimentary identity theft protection services.
The types of data involved varied from individual to individual and may have included names in combination with one or more of the following: Social Security number, driver’s license or state identification number, date of birth, medical information, diagnosis, treatment information, MRN/patient identification number, incidental health reference, provider name, health insurance information, prescription information, Medicare/Medicaid number, and treatment cost information. Aveanna Healthcare said it has not found any evidence to indicate patient data has been misused.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
UNC Hospitals & School of Medicine
UNC Hospitals & School of Medicine has reported a breach of its email environment. A School of Medicine employee received a phishing email from a known and trusted contact and followed the link in the email, believing the message to be a genuine communication. The employee’s email account was protected with multi-factor authentication (MFA); however, the threat actor tricked the employee into sharing the MFA code, allowing the email account to be accessed.
The email account was compromised on February 1, 2024, and the incident was discovered the following day. The account was immediately secured; however, patient information in the account may have been viewed or acquired. While there have been no reports of misuse of patient information, UNC Hospitals is offering complimentary credit monitoring services to individuals who had their driver’s license numbers, Social Security numbers, financial account information, and/or health insurance information exposed. At this stage, it is unclear how many individuals have been affected.