Colorado Retina Associates began notifying 26,609 patients that an unauthorized party gained access to employee work email accounts and then used that access to send phishing emails to individuals in the employee's electronic contacts.
On Jan. 12, the Denver-based provider discovered the data breach and began investigating. It hired a firm with expertise in computer forensics to assist in the investigation, secured the employee email account and secured its "entire email environment," the news release said.
On Feb. 24, the investigation concluded that an unauthorized party accessed two user accounts that had patient information and may have synced the email account to store the data between Jan. 6 and Jan. 17.
Personal information synced onto the hackers' databases may have included patients' full names, Social Security numbers, financial accounts and medical treatment information, among other personal information.
In response, CRA is enhancing the protections it already has in place, changing how authorized individuals access their accounts, requiring password changes for employee accounts and reminding employees about security awareness.