"Texas Spine Consultants, the operator of orthopedic centers in Addison and Plano in Texas, has discovered a breach of an employee’s email account. Suspicious activity was detected in the account on or around May 13, 2024, and the account was immediately secured. Assisted by third-party cybersecurity experts, the activity was investigated and it was confirmed there had been unauthorized access to the account.
The review confirmed on September 5, 2024, that the account contained patient data such as names, dates of birth, medical information, and health insurance information. No Social Security numbers, driver’s license numbers, financial account information, or credit or debit card information were exposed. Since then, patients’ contact information has been verified and individual notifications have been mailed to the affected individuals.
While only one email account was compromised, all employee email accounts had a password reset, and security measures – including multifactor authentication – have been enhanced. To prevent any misuse of the affected data, complimentary credit monitoring and identity theft protection services have been offered to the 8,048 affected individuals for 12 months."
swidup
commented
1 month ago
https://www.hipaajournal.com/email-account-breaches-nj-tx-mt-ky-azreported-by-5-hipaa-regulated-entities/
"Texas Spine Consultants, the operator of orthopedic centers in Addison and Plano in Texas, has discovered a breach of an employee’s email account. Suspicious activity was detected in the account on or around May 13, 2024, and the account was immediately secured. Assisted by third-party cybersecurity experts, the activity was investigated and it was confirmed there had been unauthorized access to the account. The review confirmed on September 5, 2024, that the account contained patient data such as names, dates of birth, medical information, and health insurance information. No Social Security numbers, driver’s license numbers, financial account information, or credit or debit card information were exposed. Since then, patients’ contact information has been verified and individual notifications have been mailed to the affected individuals. While only one email account was compromised, all employee email accounts had a password reset, and security measures – including multifactor authentication – have been enhanced. To prevent any misuse of the affected data, complimentary credit monitoring and identity theft protection services have been offered to the 8,048 affected individuals for 12 months."