Einstein Health Network, a Pennsylvania-based company operating medical rehab, outpatient and primary care centers, announced a breach of its employee email system, which exposed patient personal and medical information. The company waited more than five months to make the compromise public.

According to the statement, an “unauthorized person” compromised Einstein’s email system on Aug. 5, and the access persisted through Aug. 17. Einstein added that it wasn’t able to determine whether the contents of patient-related emails were stolen, but it is taking steps to alert patients who might have had anything from their name and date of birth to diagnoses and prescriptions exposed to criminals. Einstein said it has known about suspicious activity in employee email accounts since Aug. 10.

“While this review is ongoing, we have identified emails and/or attachments in the accounts that contained patient information, which may have included some patients’ names, dates of birth, medical record or patient account numbers, and/or treatment or clinical information, such as diagnoses, medications, providers, types of treatment, or treatment locations,” Einstein said. “In some instances, patients’ health insurance information and/or Social Security numbers were also included in the accounts.”

Einstein Broke HHS Breach Notification Rule

Einstein emphasized the breach didn’t affect all patients, only those whose information was contained within employee email accounts. The company has opened a helpline and is…
