Massachusetts-based Shields Health Solutions has announced that, on October 24, 2019, organisation officials learned of suspicious activity related to an employee’s email account.
Shield Health, which provides specialised pharmacy services to hospitals and other health bodies, claims it took immediate steps to secure the account and undertook to collaborate with a cybersecurity firm to assist with the subsequent investigation.
The probe determined that an unauthorized person gained access to a single employee email account between October 22, 2019 and October 24, 2019. However, the investigation found that the account contained some patient records, including names, dates of birth, medical record numbers, provider names, prescription information, clinical information, insurer names, and limited claims information. According to Shields officials, the information did not include patient Social Security numbers or financial account information.
Shields says it has no indication that any information has been accessed or misused. However, in an act of caution, the organisation says it mailed notification letters to patients whose information was found in the account.
Shields says it also established a dedicated call center to answer any question patients may have.
Shields now recommends that affected patients review statements received from health care providers. If there are services the patients did not receive, patients are encouraged to contact the provider immediately. To help mitigate future risk, Shields says it is taking steps to further enhance the organization’s data security procedures, including implementing multi-factor authentication on employee email accounts.
Shields Health Solutions has also said it is in the process of mailing letters to patients whose information may have been impacted by the security incident.
The post #Privacy: Massachusetts health centre declares data breach and gives patient advisory appeared first on PrivSec Report.