Email Security Breaches at Orthopaedics Practice and Administrative Advantage

The Centers for Advanced Orthopaedics based in Maryland, Virginia and Washington DC learned that unauthorized persons accessed the email accounts of several employees. On September 17, 2020, the practice detected suspicious activities in its email system. Investigating third-party cybersecurity specialists confirmed that unauthorized individuals accessed a number of email accounts from October 2019 to September 2020.

An evaluation of the compromised email accounts was carried out to find out the types of information that were breached and it was affirmed on January 25, 2021 that protected health information (PHI) might have been viewed or gotten by cybercriminals.

The email accounts comprised data of patients, workers, and their dependents. Patient records were mostly restricted to names, diagnoses, treatment details and dates of birth. A part of patients furthermore had one or more of these data types included in the email account: driver’s license number, Social Security number, passport number, financial account data, payment card details, or email/username and password.

Staff and dependent details were usually limited to date of births, medical diagnoses, treatment data, Social Security numbers, and driver’s license numbers. A subset included at least one of the following data: passport number, payment card data, financial account details, or email/username and password.

Breach notification letters were delivered to affected people starting March 25, 2021. Complimentary credit monitoring and identity restoration services were provided to impacted persons.

Policies and procedures and security solutions are being evaluated and will be revised to enhance security against these forms of breaches.

Vendor Email Breach Impacts Remedy Medical Group Patients

Administrative Advantage, a vendor offering billing support services to Remedy Medical Group, a pain management specialty practice in California, has found out that an unauthorized individual accessed the email account of an employee. The vendor noticed suspicious activity in the email account in July 2020 and investigated the incident to know the nature and magnitude of the breach. The investigating third-party security specialists established on August 18, 2020 that unauthorized people accessed the email account from June 23, 2020 to July 9, 2020.

The email account compromised at the time of the breach contained the PHI of Remedy Medical Group patients, such as names, financial account details, driver’s license and/or state identification numbers, Social Security numbers, credit and/or debit card data, birth dates, electronic signature details, passport numbers, username and password data, Medicare numbers, Medicaid numbers, medical record numbers, treatment locations, diagnoses, health insurance data, and lab test data. The types of data likely compromised varied from one patient to another.

Because of the breach, security steps were assessed and extra training on email security was given to the workforce. People possibly in danger of identity theft were given access to identity theft protection services at zero cost.