Pennsylvania-Based Health Network Announces Breach of Employee Email System
The Pennsylvania-based Einstein Health Network recently announced a breach of its employee email system, potentially exposing the personal and medical information of its patient. According to their released data security notice, the breach happened on August 5th of last year, meaning the company waited more than five months to make the breach public. The email system was breached by an “unauthorized person” on August 5th and persisted through August 17th.
The security notice claims that Einstein was unable to figure out whether the contents of patient-related emails were stolen but is taking the necessary steps to alert patients who might have had their personal and medical information stolen; this could include their name, date of birth, medical diagnoses and prescriptions. Einstein also said it has known about the suspicious activity in employee email accounts since August 10th.
Einstein emphasized the breach didn’t affect all patients, just those contained within employee email accounts.
It’s also important to note that the company broke regulations outlined in the Health and Human Services HIPPA Breach Notification Rule by waiting over five months to disclose the data breach. It is unknown whether Einstein Health Network will face any fines.
Sources: