In August, 2019, this site reported on an incident at NCH Healthcare in Florida. At the time, it was not clear whether patient data was impacted in the phishing incident. The entity had become aware of suspicious activity on June 14, but by mid-August, there was no report on HHS’s public breach or detailed disclosure.
Now the entity has issued an updated breach disclosure, it seems, although there is still nothing up on HHS’s public breach too as of the time of this posting.
NCH Healthcare System, Inc. (“NCH”) is providing notice of an incident that may affect the privacy of certain information so that potentially affected individuals may take steps to better protect their personal information, should they feel it appropriate to do so.
FREQUENTLY ASKED QUESTIONS
What Happened?
On or around June 14, 2019, NCH became aware of suspicious activity related to our human resources, timekeeping, and payroll system. We immediately launched an investigation into this suspicious activity and determined that certain employees fell victim to an email phishing scheme that allowed an unauthorized actor (hacker) to gain access to the employee’s payroll records as well as their email accounts. Importantly, NCH patient medical record systems were not affected by this incident, and the sole purpose of the attack appears to have been to reroute direct deposit payroll funds; however, the stolen credentials allowed access to employee email accounts. Third party specialists undertook a diligent and time-consuming manual and programmatic review of the entire contents of the relevant email accounts to determine what data was present as the investigation was not able to determine if any email was actually viewed. On December 19, 2019, the review provided confirmation of the identities of those individuals who may have h ..
Support the originator by clicking the read the rest link below.
