Nebraska-based CBS Consolidated Inc., operating as Cornerstone Business & Management Solutions, completed a routine audit of system logs on July 10, 2017 and discovered a seemingly strange account on their servers.
This case further highlights the importance of constantly reviewing system activity log.
Closer examination of that account revealed it was being used to download protected data from the server, including the protected health information of patients that had used its medical supplies.
The breach potentially affected 21,856 patients who received durable medical supplies, from the company through their Medicare coverage. The types of data stolen by the hacker included names, addresses, dates of birth, insurance details, and Social Security numbers. While personal private information was obtained, the hacker did not steal information regarding any medical conditions suffered by patients, nor details of any items purchased or financial information.
The investigation continues though it has still not been uncovered exactly how the account was created. According to CBS, the server was isolated and access to data was blocked after the attack. CBS has been carefully monitoring its systems since the breach was identified,and has found no further cases of unauthorized access or data theft.
All persons impacted by the violation been given the chance to avail of 12 months of credit monitoring and identity theft protection services without charge. Due to the sensitive nature of data stolen by the individuals, CBS is also reviewing its security protections and will be introducing new administrative security measures, providing additional training to staff members on security, as well as improving technical safeguards to stop future incidents like this one.
The 56,000-record breach reported by Enterprise Services LLC in JuneThis remains the worst breach in 2017 but this attack is second worst data breach reported by a HIPAA business associate so far this year.