Phishing Attack on InterMed and Laptop Theft at Children’s Hope Alliance

Healthcare company InterMed based in Portland, ME is informing 33,000 patients regarding the potential exposure of their protected health information (PHI) because of a phishing attack.

InterMed discovered the phishing attack on September 6, 2019. It was confirmed by the investigation team that the email account was breached on September 4. The attackers got access to the account up to September 6, 2019.

A top-rated national computer forensic company helped investigate the breach and identified three other email accounts were compromised from September 7 up to September 10, 2019.

A thorough evaluation of the compromised email accounts was carried out yet it wasn’t possible to identify what email messages or file attachments, the attackers had accessed.

Varied patients had varied types of data contained in the compromised email accounts. The following data might have been involved: patients’ names, birth dates, medical insurance details, and some clinical details. The Social Security number of a “very limited” number of patients were likewise compromised.

On November 5, 2019, InterMed started the sending of breach notification letters to impacted patients. Individuals who had their Social Security numbers compromised also got offers of complimentary credit monitoring and identity protection services.

InterMed had now taken action to strengthen email security and reinforced the training of employees to assure observance to email security guidelines.

Laptop of a Children’s Hope Alliance Employee Stolen

The child welfare agency known as Children’s Hope Alliance based in Barium Springs, NC has reported the theft of a laptop computer that contains sensitive information.

Based on the substitute breach notice posted on the website of Children’s Hope Alliance, the laptop theft happened on October 7, 2019. A digital forensic company investigated the incident to know if the laptop had any sensitive data. The investigation is in progress, however, the preliminary finding reveals that the device contained documents with information like names, birth dates, addresses, tax identification numbers, Social Security numbers, usernames, passwords, and medication and dosage details.

Children’s Hope Alliance submitted the breach report to the Department of Health and Human Services’ Office for Civil Rights indicating that 4,564 people were affected. The breach summary also indicates that the breach was due to hacking/IT incident involving email. It is uncertain at this time if there was an error, a separate breach, or whether the laptop computer had been used for hacking into the email account of the employee.