The Everett & Hurite Ophthalmic Association (EHOA), a team of ophthalmology specialists serving Pittsburgh, PA and Warrendale, PA, has discovered that an unauthorized individual gained access to the email account of one of its employees and potentially viewed patient information.
EHOA became aware of a breach on March 23, 2020, when suspicious activity was detected in the employee’s email account. After the account was secured, third-party forensic specialists were engaged to investigate the incident. The investigation confirmed that the breach was limited to a single email account, which was breached between February 25, 2020 and March 25, 2020.
A comprehensive review of emails and attachments in the account revealed they contained the protected health information of 34,113 patients. The majority of patients had their names included in an internal report that was used for reporting to the HHS’ Centers for Medicare and Medicaid Services (CMS). For certain individuals, their Social Security number, financial data, health insurance details, date of birth, and health and treatment information were also exposed. No evidence was uncovered to suggest patient information was viewed or downloaded by the person who accessed the account.
EHOA has notified all affected patients, has provided further training to its employees, and is enhancing its policies and procedures to prevent similar breaches in the future.