IA: Peoples Community Health Clinic notifying patients after discovering compromise of employee email account
Peoples Community Health Clinic in Iowa has been notifying some patients as a result of an employee’s email account being compromised.
As explained in their press release*, on March 22, 2021, PCHC became aware of suspicious activity related to an employee’s email account. An investigation revealed that between March 18, 2021 and March 22, 2021, there had been unauthorized access, but investigators “could not confirm what specific information within this account may have been actually accessed by the unauthorized individual.”
It took until May 24 for investigators to examine and catalog all of the types of information and patients who had information in the compromised account.
To date, PCHC has found no evidence suggesting any actual or attempted misuse of information as a result of this incident, but the scope of information potentially involved includes: “name; address; Social Security number; date of birth; driver’s license number or state identification number; medical diagnosis/medical treatment information; health insurance information; payment card number; or card CVV/expiration date.”
PCHC is in the process of notifying individuals whose information was involved.
You can read the full press release on PRNewswire.
*Due to an error, an earlier version of the press release had the wrong headline, suggesting that PCHC had been impacted by the Netgain Technology breach. DataBreaches.net reached out to PCHC early this morning to ask if the headline was an error, and received a call from PCHC’s external counsel who confirmed that there had been an error and that this incident had no connection to the Netgain ransomware incident, and that PCHC had never been impacted by the Netgain breach. The headline for the press release was edited, but the url still mentions”netgain.” Ignore that. 🙂