Hackers Hit Healthcare Data Management Company

The protected health information (PHI) of thousands of individuals may have been exposed in a hacking incident at a healthcare information management company based in Georgia.

Clinical or treatment information and Social Security numbers were among the sensitive data compromised during a successful cyber-attack on Ciox Health that took place last summer.

Ciox Health, which is headquartered in Alpharetta, provides a variety of services, including information release, medical record retrieval, and health information management to more than 30 healthcare providers.

According to a notice recently issued by Ciox Health, an unauthorized person accessed the email account of a Ciox employee between June 24, 2021, and July 2, 2021. 

The company warned that the threat actor may have used that access to download emails and attachments associated with the compromised account.

"Ciox reviewed the account’s contents to determine whether sensitive information was contained in the account," said the notice. 

"On September 24, 2021, Ciox learned that some emails and attachments in the employee’s email account contained limited patient information related to Ciox billing inquiries and/or other customer service requests."

Information that the attacker may have accessed included patient names, provider names, dates of birth, and/or dates of service. Social Security numbers or driver’s license numbers, health insurance information, and/or clinical or treatment information was also exposed in what Ciox described as "very limited instances."

The data breach was reported to the US Department of Health and Human Services' Office for Civil Rights on December 30 as a hacking/I ..

Support the originator by clicking the read the rest link below.