swidup
commented
1 week ago https://www.hipaajournal.com/email-breach-oklahoma-spine-hospital/
"Familylinks Inc., a provider of integrated community, behavioral, and social programs in Western Pennsylvania, has notified 3,775 individuals that some of their protected health information has been exposed. On May 3, 2024, suspicious activity was identified in an employee’s email account. The forensic investigation confirmed the unauthorized access occurred on May 3, 2024, and was limited to a single email account. While the breach was detected rapidly, it is possible that sensitive information in the account and attached files may have been viewed or acquired.
The account review confirmed that the following types of protected health information were stored in the account: names, driver’s license or state ID numbers, federal ID numbers, dates of birth, Social Security numbers, medical information (including diagnosis and treatment information), and/or health insurance information, including policy numbers. Familylinks is unaware of any misuse of the affected data. Notifications were mailed to the affected individuals on October 3, 2024, and steps have been taken to enhance email security to prevent similar incidents in the future."
https://www.bizjournals.com/pittsburgh/news/2024/11/13/familylinks-data-breach.html
"Familylinks has announced it suffered a "data security incident," and has investigated the matter.
The Pittsburgh-based community services provider announced in a release that the breach may have impacted certain peoples' personal information.
The breach, which was discovered on May 3 of this year, originated through suspicious activity on an employee's email account, the organization said.
"Familylinks immediately initiated an investigation and engaged independent cybersecurity experts to assist with the process," Familylinks said in a statement. "As a result of this investigation, Familylinks determined that certain emails and attachments may have been acquired without authorization on May 3, 2024."
The investigation concluded on Oct. 3. According to Familylinks, "certain individuals' personal and/or protected health information may have been affected by this incident.""