[BreachExchange] 45, 000 patients at Covenant HealthCare potentially exposed by data breach

[Destry Winant]

https://www.abc12.com/2021/02/26/45000-patients-at-covenant-healthcare-potentially-exposed-by-data-breach/

SAGINAW, Mich. (WJRT) - Covenant HealthCare in Saginaw is working to
notify 45,000 of its patients who may have been affected by a data
breach.

The move comes after two employees email accounts were compromised in May 2020.

In a written statement, hospital officials say they aren’t aware of
any reports of identity theft, fraud or improper use of any patient’s
information after an extensive forensic audit was completed in
December.

The hospital says the FBI discovered someone was attempting to sell
login and password access to Covenant’s network on the dark web.

Two employees’ emails were compromised for less than one hour when the
breach happened. Those email accounts contain personal information,
including names, addresses, Social Security numbers and other
sensitive information.

Patients who were potentially affected were sent a notice letter with
specific steps to follow when contacting the hospital’s breach
response hotline. After the breach happened, Covenant immediately
tightened its network security by putting multifactor authentication
in place, meaning several steps are now necessary to gain access to
the network.

Covenant says they are continuing to monitor their network security to
prevent any further breaches from happening.

This isn’t the first time Covenant HealthCare has dealt with a data
breach. In September 2018, a software attack potentially exposed the
personal information of some of the hospital’s patients.

Other providers, including the Health Alliance Plan and McLaren Health
Care, were part of that same breach.