Law enforcement agencies have notified Cambridge Health Alliance (CHA) that the protected health information of some of its subscibers has been obtained by an unauthorized individual.
Everett Massachusetts Police Department alerted, on January 31, 2018, CHA that data the incorporated the PHI of some of its patients had been identified in the possession of an hacker unauthorized to have the data in question. After being told of the breach, CHA carried out an internal investigation into the breach and reviewed the files.
One of the files, at least, contained data that referred to financial details which included patients’ names, addresses, birth dates, Social Security numbers, employer information, costs of healthcare services, and discharge details. The information in question referred to the 2013 billing period.
A breach notice sent to affected individuals by the law firm BakerHostetler on behalf of CHA stated that HIPAA breach targeted four people from New Hampshire, who have been offered credit monitoring and identity theft protection services through Experian free of charge.
While the breach notice submitted reveals that just four individuals were targeted, the Boston Globe has published that notification letters have been sent to an estimated 2,500 patients. The information regarding the breach are the same aside from the number of individuals targeted.
Boston Globe also revealed that CHA spokesman David Cecere confirmed that the investigation is ongoing it is still unclear how the information came to be obtained. Cecere revealed that it could have been a hack or the information could have been made public in error
In addition to the internal investigation completed, CHA has hired a computer forensics consultancy firm to aid the attempts to determine exactly how the data was made public.