Paubox blog: HIPAA compliant email made easy

Reliable respiratory suffers HIPAA email breach

Written by Seiji Iwasaki | September 20, 2018

On September 1, 2018, Reliable Respiratory submitted a  HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS). Based in Norwood, MA, Reliable Respiratory’s email breach affected  21,311 individuals’ protected health information. Reliable Respiratory is classified as a Healthcare Provider.

According to  this report about Reliable Respiratory’s breach:

 

A cyberattack was suspected on July 3, 2018, following the detection of unusual activity in an employee’s email account. An investigation was launched to determine the cause of that activity, which revealed the employee had been targeted with a phishing campaign. The response to a phishing email resulted in the disclosure of that individual’s login credentials. The unusual account activity was detected on July 3 and the account was immediately secured. Computer forensic specialists were retained to determine the nature and extent of the breach. The breach investigation confirmed that the account had been accessed by an unauthorized individual between June 28 and July 2.
An analysis of the emails contained in the account showed a wide range of protected health information could potentially have been accessed by the attacker. Patients are now being notified of the breach by mail and have been advised to monitor their account statements and explanation of benefits statements closely for signs of identity theft and fraud. No mention was made in its substitute breach notice about whether credit monitoring and identity theft protection services are being offered to affected patients.
Patients affected by the breach may have had the following types of protected health information exposed: Name, date of birth, medical record number, medical diagnosis, treatment information, medication/prescription information, username and password, patient claim/billing information, health insurance information, driver’s license number, state identification number, Social Security number, passport number, bank or financial account information, and credit or debit card information. Reliable Respiratory will be implementing additional safeguards to improve the security of its systems and will update its policies and procedures to reduce the risk of experiencing future cyberattacks.

 

Reliable Respiratory Email Platform

 

We did an MX record lookup for Reliable Respiratory and determined they are using Microsoft 365 as their email platform. We have seen an alarming number of Microsoft 365 customers reporting HIPAA Email Breaches in 2018.
 

HHS Wall of Shame

 

The  HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights. As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured  protected health information affecting 500 or more individuals.

 

HIPAA Breach Report

 

The  Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.

 

Try Paubox Email Suite for FREE today.