Eight details:
- The ACEP manages other professional organizations in healthcare, including the Emergency Medicine Foundation, the Emergency Medicine Residents’ Association and the Society for Emergency Medicine Physician Assistants.
- The data breach notice was sent out to current members of these organizations, former members and anyone who either purchased or donated to one of the organizations.
- On Sept. 7, ACEP discovered unusual activity on its systems and launched an investigation. The investigation discovered that credentials to ACEP’s database servers were compromised by an unauthorized party.
- The database did not store any health or patient information, ACEP told Becker’s. However, it did include member profile details, with some profiles including financial account information and Social Security numbers.
- The investigation found that data was breached between April 8 and Sept. 21, 2020.
- ACEP said there is no evidence the servers were subject to unauthorized access or acquisition.
- In response to the data breach, ACEP replaced the affected server, changed passwords, and added new cyber-monitoring and technical security safeguards.
- ACEP will provide one year of free credit monitoring and identity restoration services through Epiq.
“ACEP takes the security of member and customer information very seriously,” an ACEP spokesperson told Becker’s. “All members, customers and staff can continue to monitor recent credit transactions and are encouraged to contact the association immediately if any discrepancies are discovered.”
More articles on cybersecurity:
57% of employees save passwords on a sticky note + 10 findings that make your hospital vulnerable
Vermont state health insurance website exposed other users’ info when logging in
44% of healthcare cyberattacks caused by network breaches
