August 19, 2018
InterAct of Michigan, a supplier of mental health and substance misuse cures through clinics in Kalamazoo and Grand Rapids has learnt an illegal person has gained access to the electronic mail account of a worker and possibly seen and copied the protected health information of 1,290 patients.
The attack was learnt on June 8, 2018 prompting a detailed inquiry to decide the nature as well as the range of the break. Fast action was taken to end access to the undermined account and an internal inquiry was started. A prominent computer forensics firm was engaged to provide help with the inquiry.
On July 30, 2018, InterAct of Michigan decided that the protected health information of certain patients had possibly been retrieved. The information was present in electronic mails and electronic mail attachments in the undermined account. The disclosed PHI contained clients’ names and Social Security numbers. For some patients, date of birth, prescription details, and cure history might have also been retrieved.
Because of the confidential nature of the information that was undermined, all affected patients have been offered free identity theft protection facilities for 12 months.
On August 7, 2018, notices were dispatched to affected people and Division of Health and Human Services’ Office for Civil Rights was informed of the break.
InterAct of Michigan has taken measures to improve safety to avoid more breaks and ensured that in the event of an additional electronic mail account compromise, the break will be identified much more swiftly.
Electronic mail access logs are now being revised on a weekly basis to find any doubtful behavior and single user inbox laws are similarly being checked. A law has also been set up that avoids the sending of electronic mails to external electronic mail accounts, which indicates such a law might have been set up by the threat actor accountable for this attack.