The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Phishing Attack on SouthEast Eye Specialist Group Impacts 13,000 Patients

Posted By on Jan 16, 2020

SouthEast Eye Specialist (SEES) Group in Franklin, TN, is notifying 13,000 patients that some of their protected health information has been exposed as a result of a recent phishing attack.

It is unclear from the SEES Group’s substitute breach notice when the phishing attack occurred, but on November 1, 2019, SEES Group determined patient information was contained in email accounts that were accessed by unknown individuals.

The breach was discovered when the IT department identified suspicious activity in some employee email accounts. A third-party computer forensics company was retained to assist with the investigation and determine whether any emails or email attachments containing patient information had been viewed or copied by the attackers.

The investigation uncovered no evidence to suggest that patient information was viewed or obtained by unauthorized individuals, but it was not possible to rule out the possibility that patient information had been compromised.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

A painstaking analysis of all emails in the affected accounts revealed they contained information on patients including names, treatment information, and Social Security numbers.

SEES Group is now reviewing its information security policies and procedures and email security will be augmented to prevent similar incidents from occurring in the future.

2,008 Patients Notified About btyDental Ransomware Attack

btyDental, a network of dental practices in Anchorage, AK, is notifying 2,008 patients about a ransomware attack that involved some of their protected health information.

Ransomware was installed on some of its servers on or around November 17, 2019. The servers contained patients’ X-ray images along with their names. The servers contained no other protected health information, which was stored in systems unaffected by the attack.

Steps were immediately taken to restore the affected servers and third-party IT consultants were retained to assist with the investigation. No evidence was found to suggest any patient images were accessed or obtained by the attackers.

btyDental has reviewed its security policies and procedures and has taken steps to prevent similar attacks from occurring in the future and will continue to evaluate the security of its systems and implement the most up-to-date security measures.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist