United States – Navicent Health
Exploit: Employee e-mail breach
Navicent Health: Second largest hospital in Georgia and part of the Central Georgia Health System
Risk to Small Business: 1.777 = Severe: In a recent data breach notice, Navicent Health disclosed that they learned about a breach originating with their employees’ corporate email accounts, which were accessed by an unauthorized third party. Although no evidence of identity theft was revealed, the company was forced to take responsibility, notify patients, and offer free identity protection services, while also pledging to improve their security infrastructure moving forward.
Individual Risk: 2.857 = Severe Navicent doesn’t believe any of the accessed data is being used to perpetuate identity theft or other cybercrimes, but the compromised emails did include sensitive patient data including their names, birthdays, addresses, medical information, and social security numbers.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Companies charged with handling personal health information (PHI) need a comprehensive understanding of their IT infrastructure, including potential vulnerabilities. Since HIPAA compliance and patient trust are both on the line, any company managing PHI should prioritize risk assessment and prevention. Employees should be the first line of defense, as they manage patient data on a daily basis, and they must be armed with proper cybersecurity awareness training to prevent future incidents.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
