Welcome to the Qbitz LLC Blog Article - 25,000 Patient Records Exposed Back to Blog

 

The Breach

On March 4, 2019, it was discovered that an unauthorized individual had accessed an employee's email account for two days. After discovering the unauthorized access, Adirondacks ACO began checking every email and attachment in the affected employee's account, looking for any PHI that may have been accessed.

Adirondacks ACO discovered that two employees had been discussing information regarding patients who had missed a baby wellness exam and other screenings, as part of their population health analysis. The employees were planning to send the information, contained in a "gap-in-care" spreadsheet, to providers so they could determine how to contact their patients.

That's when an unauthorized individual from outside the U.S. remotely obtained access to the email account. At this time, no evidence suggests that the email was opened by the unauthorized party, however, the possibility could not be ruled out.

The Exposure

The unauthorized access was not due to a phishing attack, and a spokesperson for Adirondack Health stated he does not believe the employee could have avoided it. The spokesperson also stated that policies are being changed as a result of the incident.

Information contained in the exposed spreadsheet includes patients' names, dates of birth, Medicare ID numbers, health insurance member numbers, as well as limited treatment and/or clinical information. Some patients also had their Social Security numbers listed.

Adirondacks ACO began notifying patients of the breach in early July. 25,000 letters of notification have been sent to affected patients, with only a few remaining.

For patients who had their Social Security numbers listed on the spreadsheet, free credit monitoring and identity protection will be provided by Adirondacks ACO.

 

Qbitz LLC
Location

Gilbert, AZ 85298

Contacts

Email: info@qbitz.com      
Phone: 480-900-2123 

Partners

Barracuda Networks
Omnis                                       
Bitdefender
Microsoft
Dell