Phishing Attacks on Healthcare Resource Group and Confido Exposed the PHI of Patients

Confido, a pharmacy benefits consulting company, began mailing notification letters to 3,600 of its clients’ personnel, users, and their dependents about the possible access of some of their private data by an unauthorized person who gained access to a worker's email account.

Confido discovered the breached email account on December 12, 2020 and started an investigation to determine the scope and extent of the incident. A security company helping Confido confirmed on January 17, 2020 that an unauthorized person had access to the email account for a two-week period from November 29, 2019 to December 12, 2019. The investigators were unable to ascertain whether the unauthorized person downloaded data from the email account, but the possibility cannot be ruled out.

A thorough analysis of the email account showed that it contained information such as names, birth dates, medical insurance data, Social Security numbers, prescription details, treatment details, and clinical data such as diagnoses and provider names.

Persons impacted by the incident were sent breach notification letters on February 10, 2020. Free credit monitoring services were offered to persons whose Social Security numbers were compromised.

In response to the breach, Confido gave its personnel extra security awareness training and implemented additional processes to strengthen email security.

Phishing Attack on Healthcare Resource Group Affects Barlow Respiratory Hospital

Healthcare Resource Group provides billing services to Barlow Respiratory Hospital in Los Angeles, CA. An unauthorized individual gained access to the email account of a Healthcare Resource Group worker. The investigation into the incident showed that the hacker had accessed the email account from November 4, 2019 to November 30, 2019.

According to the email account review, the emails and file attachments contained some protected health information (PHI) of current and former patients of Barlow Respiratory Hospital.

A third-party agency analyzed the account to find out the types of data exposed. The investigation, concluded on February 27, 2020, showed that patient names were exposed along with at least one of these data elements: Social Security number, birth date, driver’s license number, patient account number, medical record number, medical insurance details, treatment data, and medical billing or claims details.

Healthcare Resource Group sent notifications to impacted patients of Barlow Respiratory Hospital on April 7, 2020. The Group also offered impacted patients 12 months of credit monitoring and identity theft restoration services.