East Paris Internal Medicine Associates, PC, recently experienced a data breach affecting thousands of individuals through an email-related attack.
On November 22, 2024, East Paris Internal Medicine Associates, PC, a healthcare provider located in Michigan, reported a data breach addicting 5,239 individuals. The breach, classified as “Unauthorized Access/Disclosure” occurred due to email-related issues, although specific details regarding the unauthorized access were not disclosed. East Paris has reported the breach to the Department of Health and Human Services (HHS) of the breach.
According to East Paris’s Notice of Privacy Practices, they had the following provision for the Privacy Rule, “You have the right to receive a privacy breach notice - You have the right to receive written notification if the practice discovers a breach of your unsecured PHI, and determines through a risk assessment that notification is required.”
It can, therefore, be presumed that those affected have received a notice of data breach or can expect to receive it in the coming days and weeks ahead.
Email-related data breaches are especially impactful to healthcare organizations due to the wealth of information they expose to unauthorized persons. The breach, in this case, could result in a trickle-down effect where the information used can be leveraged for ransom against the organization as well as being used against patients affected by identity theft or financial fraud.
Related: HIPAA Compliant Email: The Definitive Guide
A breach happens when sensitive information like personal health data is accessed, stolen, or exposed without permission.
Cybersecurity refers to the practices and technologies used to protect computer systems, networks, and data from digital attacks.
A part of HIPAA that sets the rules for the safeguarding of electronic protected health information.