A leading computer forensics consultancy was hired to assist with the investigation and determine which, if any, emails in the account had been viewed and whether any patient information had been impacted. The investigation showed that the hackers potentially gained access to the protected health information of certain patients, which included names, dates of birth, and limited clinical details. Some patients also had their Social Security number, driver’s license information, and/or health insurance information accessed.
All patients impacted by the breach were sent breach notification letters on March 29, 2019 and people whose Social Security number or driver’s license number were exposed have been provided with complimentary identity theft protection services for one year at no cost.
As a precautionary measure, all individuals impacted by the breach have been advised to keep a close eye on their accounts, explanation of benefits statements, and credit reports closely for any indication of fraudulent use of their information.
To enhance security and prevent more breaches, Main Line has provided further training to all staff to improve email security awareness and warn them to the threat from phishing. Multi-factor authentication has been put in place to stop accounts from being accessed in the event that further details are compromised along with other security measures.
The breach has been made known to the Department of Health and Human Services’ Office for Civil Rights. The OCR breach portal states that 14,305 patients were impacted by the breach.