Sensitive Information of more than 500 Patients Exposed in Summa Health Breach
Exploit: Phishing scam
Summa Health: Non-profit healthcare system serving Northeast Ohio
Risk to Small Business: 1.666 = Severe Risk: When employees opened a phishing email and entered credentials into a false form, hackers gained access to protected health information. The healthcare provider disclosed two breaches, one occurring in August 2018 and another in March 2019. It’s unclear why the company didn’t become aware of the breach until May 1st, or why it took almost a month to notify victims of the breach. Their slow response could make it more difficult for victims to identify instances of identity or financial fraud, and also shines a spotlight on the healthcare provider’s data security standards.
Individual Risk:1.857 = Severe Risk: Hackers accessed significant amounts of personally identifiable information in the breach, including names, dates of birth, medical records, patient account numbers, treatment information, health insurance information, social security numbers, and driver’s license numbers. Those impacted by the breach are encouraged to enroll in credit and identity monitoring services. In addition, they should carefully and continually review their account information, reporting any unusual activity and unauthorized changes as soon as possible.
Customers Impacted: 500
How it Could Affect Your Customers’ Business: Phishing scams are entirely preventable, and any organization handling personally identifiable information needs to ensure that their employees are equipped to identify and report these increasingly prevalent threats. Exposed personal details usually find their way to the Dark Web, where bad actors can leverage them for a variety of nefarious purposes. It’s critical that companies are prepared with cybersecurity awareness and identity protection.