HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Solara Medical Supplies and Select Health Network Report Phishing Attacks

Solara Medical Supplies, LLC, a Chula Vista, CA-based provider of medical devices and disposable medical products, has announced that the protected health information of many of its customers has potentially been compromised as a result of a phishing attack.

On June 28, 2019, Solara Medical identified suspicious activity in the email account of an employee, and an investigation was launched to determine the nature and scope of the breach. Assisted by third-party computer forensics experts, Solara Medical learned that the breach was far more extensive and that several Office 365 email accounts had been compromised between April 2, 2019 and June 20, 2019.

A programmatic and manual review of all compromised accounts was conducted to determine which patients’ protected health information had potentially been accessed. The information in the email accounts varied from patient to patient and included patients’ first and last names in combination with one or more of the following data elements: Address, birth date, employee ID number, Social Security number, health insurance information, financial information, credit card/debit card number, passport details, state ID number, driver’s license number, password/PIN or account login information, claims data, billing information, and Medicare/Medicaid ID.

Upon discovery of the breach, Solara Medical immediately secured the compromised accounts and has since implemented additional security measures to improve email security. Individuals affected by the breach have been notified and offered complimentary credit monitoring and identity theft protection services for 12 months out of an abundance of caution.


The breach has been reported to the Department of Health and Human Services’ Office for Civil Rights. The breach report indicates up to 114,007 individuals have been affected.

Select Health Network Phishing Attack Reported

The Mishawaka, IN-based physician hospital organization, Select Health Network, has also announced that the protected health information of certain individuals has potentially been compromised as a result of a phishing attack.

Suspicious activity was detected in the email accounts of certain employees and a team of computer forensics experts was engaged to investigate a potential breach. The investigation revealed several email accounts were compromised between May 22, 2019 and June 13, 2019.

The results of an audit of the compromised email accounts were provided to Select Health Network on October 1, 2019, and confirmed that a wide range of protected health information was contained in the compromised accounts.

The types of information exposed varied from individual to individual and may have included first and last names in addition to one or more of the following data elements: address, date of birth, member ID number, health insurance information, medical history, treating/referring physician’s name, treatment information, treatment cost, health insurance policy number, and medical record number. A limited number of individuals also had their Social Security number exposed.

Select Health Network is unaware of any misuse of patient information as a result of the breach. Individuals whose Social Security numbers have been exposed have been offered complimentary credit monitoring and identity theft protection services for 12 months. The HHS’ Office for Civil Rights breach portal indicates 3,582 patients have been affected.

Select Health Network has conducted a review of its policies and procedures and additional safeguards are being implemented to improve email security and prevent further attacks of this nature.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.