[BreachExchange] MICHIGAN HOSPITAL SUFFERS SECURITY INCIDENT IMPACTING MORE THAN 25K

Destry Winant destry at riskbasedsecurity.com
Wed Oct 21 10:36:48 EDT 2020 

https://www.healthleadersmedia.com/innovation/michigan-hospital-suffers-security-incident-impacting-more-25k

After an extensive forensic investigation, Oaklawn determined that the
compromised email accounts may have contained identifiable personal
information or protected health information of Oaklawn patients.

A version of this article was first published October 20, 2020, by
HCPro's Revenue Cycle Advisor, a sibling publication to HealthLeaders.

Oaklawn Hospital, a healthcare provider in Marshall, Michigan,
recently reported a security incident that potentially impacted 26,861
individuals, according to the Office for Civil Rights (OCR) breach
report.

In a security notice posted on its website, Oaklawn disclosed details
regarding a security incident that involved access to certain employee
email accounts by unauthorized third parties as the result of a
phishing attack that occurred between April 14 and April 15.

Upon learning of the issue, Oaklawn disabled access to the compromised
accounts and required mandatory password resets to prevent continued
access by unauthorized users.

GET THE LATEST ON HEALTHCARE LEADERSHIP IN YOUR INBOX.

After an extensive forensic investigation, Oaklawn determined that the
compromised email accounts may have contained identifiable personal
information or protected health information of Oaklawn patients.

The information accessed may have included the following:

Dates of birth
Driver’s license numbers
Medical and health insurance information
Names
Online login information
Social security numbers

According to the security notice, Oaklawn currently has no evidence to
suggest that any of the information has been misused or is in the
possession of someone it should not be.

Oaklawn sent notification letters to each affected individual and
encouraged those impacted to monitor their insurance statements. In
addition, Oaklawn set up complimentary credit monitoring for
individuals whose social security numbers may have been accessible
during the breach.

Oaklawn also indicated that it has upgraded its security measures
since the incident, improving its multi-factor authentication software
and providing additional training for employees.

More information about the BreachExchange mailing list