Email Account Breaches at CSI Laboratories and Trillium Health

Cytometry Specialists, Inc., dba CSI Laboratories, located in Alpharetta, GA, has recently announced that an unauthorized individual accessed the email account of an employee and may have viewed or obtained the protected health information (PHI) of 244,850 patients. CSI Laboratories is a top cancer testing and diagnostics laboratory that assists pathologists, oncologists, and community hospitals across the U.S.

CSI Laboratories identified the email account breach on July 8, 2022, and quickly secured the account. The incident investigation shows that the purpose of the attack was to use the email account to conduct a business email compromise (BEC) attack and redirect payments from CSI's health care provider customers to an account managed by the hacker, who posed as CSI using a fictitious email address. The breach was not meant to acquire patient information; nevertheless, the breach investigation revealed on July 15, 2022, that certain files that stored patient records were extracted from the employee’s mailbox.

The files were associated with invoices delivered to CSI's health care provider customers and were probably taken to help the BEC scam. The files usually included only patient names and identifiers such as patient numbers, though a number of files contained additional details such as dates of birth and health insurance data. Therefore, the possibility of misuse of patient data is considered to be very low.

In response to the breach, CSI Laboratories took steps to improve the protection of its email environment, gave employees more training on how to identify phishing attempts, and enhanced the monitoring of its network and email systems.

CSI Laboratories reported earlier this year that it had experienced a ransomware attack for which the Conti ransomware gang took credit. The PHI of 312,000 patients was compromised in that attack.

PHI of 3,200 Individuals Exposed in Trillium Health Email Account Breach

The healthcare company Trillium Health, based in Rochester, NY, has announced a data security incident that compromised the PHI of 3,191 patients. On or about August 1, 2022, Trillium Health identified suspicious activity in an employee’s email account. The provider took steps right away to protect the email account and launched an investigation to find out the nature and extent of the breach.

Trillium Health stated that the breach affected only one email account and that an unauthorized person had access to the employee's inbox for a brief period on July 26, 2022. During that period of access, the entire contents of the account could have been stolen. An analysis of the email messages and file attachments showed they held patient data including names, dates of birth, treatment data, medicines, diagnoses, and provider details. In some cases, more extensive data was possibly exposed.

Trillium Health mentioned it has put in place extra safety measures to stop further breaches of email accounts, including multi-factor authentication and modification of its internal email configurations.