HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

JASACare Email System Breach Impacts 1,154 Patients

JASACare, a New York-based home care services provider, has reported it has been attacked by hackers who managed to gain access to its email system. The attack is believed to have been conducted in order to steal money from corporate accounts by making fraudulent bank transfers. However, as a consequence of the breach of an employee’s email account, patient and employee data was potentially compromised.

The attack took place on January 29, 2016., with the breach lasting for under two hours. Rapid identification of the attack is believed to have severely limited the opportunity for any harm to be caused to employees and patients.

However, the possibility exists that data was viewed or copied by the attackers during the time they had access to the email account. JASACare has reported that no evidence has been uncovered to suggest that was the case, or that any data were actually downloaded by the attackers. As soon as the email system compromise was discovered, access was blocked by changing the password of the compromised account.

An analysis of the compromised email account revealed that 1,154 individuals had potentially been affected. The types of data potentially accessed by the attackers included names, addresses, phone numbers, dates of birth, health insurance information, Social Security numbers, and JASACare account balances. All patients and staff members affected by the security incident are in the process of being notified of the possible breach of their data. JASACare has also committed to provide all affected individuals with a year of credit monitoring services without charge.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

It is not clear from the substitute breach notice on the company website how the attackers managed to obtain login credentials to access the email account. However, JASACare has reported that the incident has prompted a security review and additional protections will be put in place to prevent similar breaches from occurring in the future.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.