In the USA, Tennessee Orthopaedic Alliance (TOA) says it has learned of a data security incident that involved protected health information belonging to certain current and former patients.
On February 14, 2020, suspected victims were contacted, TOA claims, and given resources for assistance.
The incident has been traced back to October 18th of last year, when TOA says it detected unusual activity in its email environment. It is suspected that an unauthorised third party may have gained access to an employee’s email account.
Once discovered, TOA says it secured its email system, began an investigation, and engaged a leading digital forensics firm to determine the scope of the incident. Based on the digital forensic firm’s findings, it was determined that two TOA employee email accounts were subject to unauthorized access between August 16 and October 14, 2019.
On January 3, 2020, the investigation revealed that data containing individuals’ personal or health information within two email accounts may have been affected. This information may have included names, dates of birth, contact information (addresses, phone numbers and email addresses), social security numbers, health insurance information, treatment or diagnostic information (including codes), and/or treatment cost information. The incident was limited to information transmitted via email and did not affect any other information systems.
The organisation says it completed a thorough review of the affected accounts to determine whose personal or health information may have been impacted by the incident, and to provide notification to those affected. TOA asserts it has no evidence that any of the information potentially involved in this incident has been misused, but has reported this matter to the FBI and says it will cooperate as necessary to hold the perpetrators accountable.
Notification letters were sent to potentially impacted individuals on February 14, 2020, letters which include information about the incident along with steps for potentially impacted individuals to take to monitor and help protect their personal information.
The post #Privacy: Tennessee Orthopaedic Alliance issues notice of data security incident appeared first on PrivSec Report.