Cincinnati, Ohio based health system TriHealth announced employee and patient data may have been accessed after a breach occurred at one of their partnering businesses. A law firm known as Bricker & Eckler used by TriHealth suffered a ransomware attack that affected their email systems. During the attack, patient and employee information that had been provided to the law firm was accessed by the attackers. At this time TriHealth does not believe the information that was accessed has been used maliciously, but they have begun notifying patients and employees that may have been affected. Along with the notification, the health system is also providing up to a year’s worth of free credit and identity monitoring. Anyone else who has questions or thinks they could have been affected are asked to call the law firm.
Analyst Notes
TriHealth has stated that they are boosting their security protocols in order to avoid another instance like this in the future. When using third-party companies, it is very important to make sure they are taking the proper steps to make sure the sensitive data they receive and store is being secured properly. Those who were affected in the breach should be aware of targeted phishing campaigns that may occur, and if any health insurance or diagnosis information was breached, the affected patients should closely monitor not only their credit reports, but also consider placing a credit freeze and notifying their insurance carrier to be on the lookout for fraudulent claims to pay for expensive medical procedures. Some criminals make use of stolen health insurance and identity information to steal benefits or even collude with corrupt medical professionals to commit insurance fraud.
Source: https://local12.com/news/local/trihealth-reports-patient-and-employee-data-breach-through-law-firm
