Partners in care is a visiting nurse service that operates out of New York. Somewhere between November 17th, 2018 and December 12th, 2018 a phishing attack occurred in which an employee’s email account was compromised. This was not noticed until March 4, 2019 and by that time a substantial amount of patient information was accessed by attackers. The personal information that was included were names, dates of birth, medical record numbers, and Social Security numbers. Medical information such as patients diagnosis, treatment methods, medications, and insurance details were all left exposed as well. A forensic investigation has now been carried out by the healthcare firm and cybersecurity professionals have been hired to help. Patients that could have been affected have been notified and the proper steps to remedy the situation are being taken.
Analyst Notes
Users should continuously review their account statements for any activity that would not be considered normal. Emails that come in from unknown senders should be checked out to verify if they are legit. If a user believes the email to be suspicious it should be reported to their employer immediately.
