Adironcack Health breach exposes 25,000 patients data

Exploit: Unauthorized email account access
Adirondack Health: Full-service healthcare provider serving patients in the Adirondack region of New York

Risk to Small Business: 1.555 = Severe: In March 2019, a remote hacker gained access to an employee’s email account that contained copious amounts of personal data. Although only one email contained patients’ personally identifiable information, it included an attachment for a “gap-in-care” analysis spreadsheet that provided hackers with access to a deluge of patient data. HIPAA guidelines mandate that companies report a data breach within 60 days, so it’s unclear why the company waited longer to notify the agency. In addition to the PR disaster that always accompanies a data breach, Adirondack Health could face fines and penalties because of their slow response time.

Risk to Small Business: 2.142 = Severe: A significant amount of personal information was compromised in this breach, including names, treatment data, health insurance information, and dates of birth. Because this information is frequently sold on the Dark Web, those impacted by the breach should carefully monitor their accounts for suspicious activity. Moreover, identity and credit monitoring services can help ensure that credentials remain secure.

Customers Impacted: 25,000
How it Could Affect Your Customers’ Business: Small mistakes can have catastrophic consequences for personal data. In this case, brief access to a single email account provided hackers with just one document that compromised data integrity for thousands of people. While companies should take every measure possible to protect their data before a breach, understanding what happens to people’s information after it’s compromised is an important step in the recovery process.