http://www.healthcareitnews.com/news/hipaa-breach-letters-go-out-after-email-hack
By Erin McCann
Associate Editor
Healthcare IT News
October 14, 2014
An academic medical center in California is notifying patients of a HIPAA
breach after officials discovered a physician's email account had been
hacked by an outside source.
University of California Davis Health System has notified 1,326 patients
that their protected health information, which was contained on this
physician's email account, was compromised. The breach, which occurred at
UC Davis Medical Center, was discovered Sept. 26, according to patient
notification letters mailed out. The email incident had occurred one day
earlier.
"Our IT team has undertaken a review of the event, but the exact root
cause of the incident remains unknown. We do not see evidence of a
phishing attack," said Shara Merritt Reed, privacy program director at UC
Davis Health System, in an emailed statement. "We hesitate to speculate
but deduce the credentials were obtained by other means in order to
utilize the account."
In a letter mailed to affected patients Reed explained that UC Davis
providers use their emails for patient care purposes, specifically, for
example, upcoming appointments, or patient care exchange for a
consultation or referral. "When this happens, limited amounts of patient
information may be included in the provider's email account," she
explained in the letter.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
