On Jan. 12, the Denver-based provider discovered the data breach and began investigating. It hired a firm with expertise in computer forensics to assist in the investigation, secured the employee email account and secured their “entire email environment,” the news release said.
On Feb. 24, the investigation concluded that an unauthorized party accessed two user accounts that had patient information and may have synced the email account to store the data between Jan. 6 and Jan. 17.
Personal information synced onto the hackers’ databases may have included patients’ full names, Social Security numbers, financial accounts and medical treatment information, among other personal information.
In response, CRA is enhancing its protections that are already in place, making changes to how authorized individuals access their accounts, requiring password changes to employee accounts and reminding employees about security awareness.
To read the full notice, click here.
CISO outlines additional cybersecurity challenges of working in a rural hospital
Health data hacking incidents spike 42% during pandemic: report
Hackers steal health data of 50,000 patients from Pace Program claim company