Employee Email Account Breach at PSL Services and Monroe County Hospital & Clinics

Peregrine Corporation, also known as PSL Services, found out about the unauthorized access to the email accounts of several employees from December 16 to December 19, 2019.

The company identified the breach after seeing suspicious activity in the email account of an employee. A hired third-party computer forensics agency investigated the breach and affirmed that several email accounts were compromised.

The compromised email accounts contained types of data that varied from patient to patient, which included names of patients, birth dates, driver’s license numbers, Medicare numbers, medical data and Social Security numbers.

The analysis of the compromised accounts to identify who were the affected patients is not yet finished. Additionally, there is no final number of individuals impacted yet because of the unfinished breach investigation. PSL Services will offer the affected persons identity theft protection services at no cost. The sending of the written notifications to the affected individuals will be done soon.

PSL Services is reviewing its possible security solutions and will have more security procedures in place to avert the occurrence of similar breaches later on.

Email Breach at Monroe County Hospital & Clinics

Monroe County Hospital & Clinics based in Albia, IA learned that an unauthorized person had accessed its email system and possibly viewed or acquired roughly 7,500 patients’ protected health information (PHI).

The healthcare provider discovered the attack on December 19, 2019 and called in a computer forensic specialist to investigate the incident to find out the size and extent of the breach. The investigators confirmed that unknown people accessed a number of employee email accounts from October 28, 2019 to January 20, 2020.

The compromised accounts were found to have PHI that differed from one patient to another. The exposed patient information may have included names, birth dates, addresses, medical record numbers, date(s) of service, payor type, insurance status, diagnosis codes, the reason for consultations, and other treatment associated data. The Social Security number of a number of patients were likewise exposed. The affected people received free membership to credit monitoring services.

Upon uncovering the breach, Monroe County Hospital & Clinics reset the passwords of the email accounts to block further unauthorized access. The employees also had more training on security awareness. Extra security measures are additionally under consideration to avert attacks later on.