Emotet Malware Potentially Exfiltrated PHI of Oregon Endodontic Group Patients

Oregon Endodontic Group has discovered malware has been installed on an office computer which potentially exported data contained in the office’s email account.

On November 13, 2018, Oregon Endodontic Group detected suspicious activity within an email account used at its offices.

A third -party forensic firm was engaged to assist with the investigation and identify the nature and scope of the security breach. The firm confirmed that a malware variant called Emotet had been downloaded onto an office computer. Emotet is a banking Trojan that is capable of exfiltrating data contained in email accounts. The computer forensics firm could not confirm whether any email data had been exfiltrated, but the possibility could not be ruled out.

The email account concerned was analyzed to determine whether it contained any protected health information. The analysis was completed on February 11, 2019.

The types of information contained in the account were limited to names along with one of more of the following data elements: Date of birth, diagnosis information, treatment information, and health insurance information. 41 individuals had their name and Social Security number exposed; seven individuals had their name and financial information exposed; and two individuals had their name and driver’s license number exposed.

Oregon Endodontic Group has engaged the services of an IT security firm which is assessing security controls and additional protections will be implemented as appropriate to enhance security.

The HHS’ Office for Civil Rights breach portal shows 2,952 patients have been impacted by the breach.

Humana Notifies Members in Texas About Web Portal Breach

Humana has discovered unauthorized individuals have registered on the web portal used by one of its authorized service providers (Availity) and have attempted to obtain eligibility and benefit verification of plan members. The web portal is used by providers to check eligibility and benefits of multiple health plans.

The individuals posed as physician provider groups and potentially obtained a limited amount plan members’ information between January 15, 2016 and February 14, 2019.

The information potentially accessed was limited to names, Humana ID numbers, benefit information, plan effective dates, and care reminders. As a precaution, affected members have been offered credit monitoring and identity theft protection services and have been advised to monitor their explanation of benefits statements for signs of fraudulent activity. No reports of PHI misuse have been reported to date.

Humana notes in its breach notification letters that Availity did have policies and procedures in place to protect customer information and controls have now been augmented to prevent similar breaches in the future.

The breach affected 522 Humana members in Texas.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.