As cyber attacks on healthcare organizations continue, information technology managers remain challenged to continually update measures to protect critical patient data. One Michigan health system recently found out the hard way just how persistent attackers can be.
Covenant HealthCare has confirmed that an unauthorized individual gained access to two employees' email accounts, potentially exposing about 45,000 patients' information, according to Becker’s Health IT. The accounts were accessed May 4, 2020, and contained patients' personal information, including names, addresses, Social Security numbers, and medical diagnosis and clinical information.
An FBI investigation found that hackers repeatedly combined vulnerable user IDs with different passwords until a combination worked, allowing them to access the two email accounts. The hackers were attempting to sell Covenant's login and password information on the dark web.
The Saginaw, Mich.-based health system posted a notice of the data security incident on its website, saying it was unable to secure contact information for all 45,000 patients who might be affected.
To prevent future attacks, Covenant HealthCare implemented multi-step authentication for employee email accounts. While Covenant HealthCare has found no evidence to indicate any misuse of patients' personal information as a result of this incident, it recommends that those potentially affected monitor their accounts.
Click here to read the article.
Dirty Floors: How Pathogens Can Accumulate and Spread Underfoot
WellSpan Health Opens Its Newberry Hospital in Pennsylvania
Cahaba Center for Mental Health Ensnared in Data Breach
Reframing the Construction Manager as a Community Manager
Health First Celebrates 'Topping Off' Ceremony for New Cape Canaveral Hospital Campus