About 10,000 Patients Affected by Beaumont Health and The Connection, Inc. Phishing Attacks

Beaumont Health, the leading healthcare system located in Michigan, began notifying 6,000 patients about the potential access of their protected health information (PHI) by unauthorized persons because of a phishing attack.

Unauthorized persons obtained access to a number of employee email accounts between January 3, 2020 and January 29, 2020. Beaumont Health discovered on June 5, 2020 that at least one of the breached email accounts held patient records. The following information may have been included: names, dates of birth, diagnosis codes, diagnoses, operations, location of treatment, treatment type, prescribed medicine data, Beaumont patient account numbers, and medical record numbers. Beaumont Health sent notifications to the affected patients concerning the breach on July 28, 2020.

This is Beaumont Health’s second breach report that is associated with a phishing attack in 2020. In April, the health system notified 112,000 persons concerning a phishing attack that transpired in 2019. Subsequent to the attacks, Beaumont Health took necessary steps to strengthen email security, which include bettering its multi-factor authentication software system, performing a risk analysis, and delivering extra training and education to Beaumont personnel related to identifying and dealing with malicious emails. The internal policies and procedures were also updated to identify and remediate forthcoming threats and to lessen the occurrence of the same event again.

PHI of 3,736 Patients Possibly Exposed in The Connection, Inc. Phishing Attack

The Connection, Inc. based in Middletown, CT, a community-based behavioral health and substance use services provider, discovered the unauthorized access of the email accounts of its two employees. The healthcare provider discovered the security breach on February 13, 2020 when one employee began encountering difficulties with their email account. The following investigation affirmed the breach of two email accounts from January 4, 2020 to February 13, 2020.

The people behind the attack tried to modify the direct deposit details of the employee via payroll. Although that seems to be the only reason for the attack, The Connection, Inc. cannot eliminate the probability of theft of data from the email accounts.

The information contained in the email accounts included the present and past clients’ names, birth dates of birth, mailing addresses, driver’s license numbers, Social Security numbers, financial account data, treatment and clinical details, prescription medication data, diagnoses, provider names, treatment dates, patient account or medical record numbers, and/or affiliation with The Connection. There is no report received about any attempt of misusing the information of The Connection clients.

The provider began sending notification letters to the affected persons on July 24, 2020. Those who had their Social Security numbers compromised received free credit monitoring and identity protection services.

The Connection has made available to the employees additional training on cybersecurity and implemented multi-factor authentication on email accounts.