Someone on Twitter asked me what the first breach of 2022 would be. The following public notice is not the first breach of 2022. It is a 2021 breach that just showed up after midnight in my news search this morning. And because it involves a third-party breach, we may see other covered entities affected, too. DataBreaches.net has reached out to Ciox Health to ask for more details. In the meantime, here is UVA’s public notice:
On December 3, 2021, UVA Health, including the UVA Medical Center in Charlottesville and UVA Culpeper Medical Center in Culpeper, learned from Ciox Health, a vendor of health information management services for UVA Health and many other health systems and providers nationwide, that an unauthorized person accessed a Ciox Health employee’s email account and may have been able to view health information of patients of several of Ciox’s health system and provider clients, including the information of 429 UVA Health patients (.01% of total UVA Health patient records). Ciox Health has informed UVA Health that the unauthorized access occurred between June 24 and July 2, 2021, and during that time an unauthorized individual may have downloaded emails and attachments in the account. Ciox Health began investigating this incident as soon as they detected it and promptly reported it to UVA Health. They have provided the following details regarding this incident:
What Happened? Ciox Health became aware of unusual activity on the email account of one of their employees and, after securing the account, launched an investigation with the assistance of an outside cybersecurity firm. Unfortunately, Ciox Health has indicated that their investigation was unable to determine whether any emails or attachments were actually viewed or acquired. The activity occurred solely within Ciox Health’s systems and did not in any way compromise the security of UVA Healt ..
Support the originator by clicking the read the rest link below.
