Alive Hospice Employee Email Breached Compromising Sensitive Patient Data

Exploit: Ransomware
Georgia’s Administrative Office of the Courts and Judicial Council of Georgia: Digital information arm for the Georgia state court system

Risk to Small Business: 2 = Severe: On May 6th, hackers gained access to an employee’s email account containing personally identifiable information for patients at Alive Hospice. Although the company quickly reset the account password, the intruder was able to view significant amounts of sensitive data. In this case, a single email account was able to compromise newsworthy amounts of patient data, while also interrupting business processes. Alive Hospice will incur the expense of credit and identity monitoring services, along with the less quantifiable reputational cost that accompanies a data breach.

Individual Risk: : 2 = Severe: Although there is no indication that hackers have misused any company data, they did have access to patients’ names, contact information, dates of birth, social security numbers, driver’s license numbers, credit/debit card numbers, medical history information, treatment and prescription information, physician information, medical record number, Medicaid/Medicare numbers, health insurance information, and other in-house account details. Therefore, those impacted by the breach should enroll in the free credit and identity monitoring services being offered by Alive Hospice while remaining vigilant about monitoring their accounts for suspicious activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business:  Personally identifiable information (PII) can quickly make its way to the Dark Web, where it can do considerable damage to those affected by a breach. Therefore, understanding what happens to compromised patient data is a significant part of any data breach recovery effort.

Risk Levels:

1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

3 Essential Types Of Cyber Security Your Business Must HaveCLICK HERE!
+ +