Primary Health Care announces email breach one year after discovery

Hackers broke into four employee email accounts of the Iowa provider in Feb. 2017, allowing access to a wide range of sensitive data from Social Security numbers to credit card information.
By Jessica Davis
12:32 PM
healthcare cybersecurity breach

Iowa-based Primary Health Care is notifying patients that a hacker breached four of its employee email accounts, which may have allowed the cybercriminals to view or obtain patient information.

The breach lasted only one day. Officials discovered the unauthorized access of four employees’ email accounts on March 1, 2017, in fact, after access began Feb. 28 of that year. Upon detection, Primary Health Care blocked access to the accounts and began reviewing the contents of the hacked emails.

Primary Health Care also hired a forensic investigator to determine the scope of the breach, including related Google drives. Officials were unable to determine what emails were accessed by the hackers.

[Also: The biggest healthcare data breaches of 2018 (so far)]

The impacted accounts included a combination of patient names, Social Security numbers, phone numbers, driver’s license numbers, financial account details, credit or debit card information, medical information, provider information, and, if applicable, Medicaid identification numbers.

Primary Health Care officials said they’re “working to implement additional safeguards and security measures to enhance the privacy and security of information on its systems.” All victims are being offered one year of free credit monitoring.

The breach is currently not shown on the Office of Civil Rights’ breach reporting tool, so the number of patients impacted is currently unknown.

The notice doesn’t explain why it took officials more than a year to report the incident. This should serve as a reminder that under HIPAA, organizations are required to report a breach within 60 days of the initial time of discovery.

Twitter: @JessieFDavis
Email the writer:

More regional news

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.