AultCare reports email breach compromising health data
Caitlin Anthoney Feb 16, 2025 4:58:17 PM

AultCare Corporation, along with AultCare Insurance Company and Aultra Administrative Group (collectively “AultCare”), recently reported a data breach that may have compromised the personally identifiable information (PII) and protected health information (PHI) of an undetermined number of individuals.
What happened
AultCare disclosed the breach to the Attorney General of the Commonwealth of Massachusetts, stating that it discovered the incident on September 25, 2024, after detecting unusual activity in an employee’s email account.
Upon investigation, the company confirmed that an unauthorized third party had accessed sensitive personal information using an employee’s email account and SharePoint instance. On November 22, 2024, AultCare informed employer-sponsored health plans of the breach.
Furthermore, AultCare started mailing notification letters to impacted individuals, offering 24 months of complimentary credit monitoring services to mitigate the risks of potential identity theft.
What was said
In the AultCare breach notification letter, Aria Walker, Chief Compliance and Privacy Officer at Aultman Health System, stated, “We deeply regret any inconvenience or concern this incident may cause and take this matter seriously.”
In the know
Covered entities, like AultCare, are a major target for cyberattacks due to the vast amounts of PII and PHI they handle. Cybercriminals often use phishing attacks to access employee email accounts and compromise sensitive data.
Therefore, covered entities must use a HIPAA-compliant email solution, like Paubox, to mitigate the risk of unauthorized access and potential data breaches. These solutions use advanced security measures, including encryption, multi-factor authentication (MFA), and access controls, to safeguard email contents during transit and at rest.
Additionally, organizations must regularly train employees on threat monitoring to strengthen cybersecurity defenses further.
The bottom line
When covered entities suffer a data breach, they become subject to financial and reputational damage, in addition to costly HIPAA violations. Affected individuals must use the offered credit monitoring services and monitor their accounts for potential fraud. Moving forward, AultCare must implement the necessary security measures to prevent similar incidents and protect the integrity of PII and PHI.
FAQs
How does encryption help HIPAA compliance?
Encryption converts contents into a form only accessible to the authorized recipient, not any other person or system. It prevents unauthorized access, upholding HIPAA regulations.
When should new employees receive HIPAA training?
New employees should receive HIPAA training soon after they start working so they know how to handle patient information correctly from the beginning.
What should employees do if they suspect a HIPAA violation?
Employees must notify their supervisor or the organization's compliance officer to prompt immediate action, like launching an investigation to assess the situation and mitigate the risk of potential data breaches.