Humana-owned Family Physicians Group in Orlando notified 8,400 patients that some of their protected health information (PHI) was potentially compromised in a phishing attack.
Family Physicians Group is one of the biggest companies providing healthcare to Medicare and Medicaid beneficiaries in Central Florida and manages 22 clinics in the area.
The investigation into the breach revealed that an unauthorized person accessed an employee's email account on August 7, 2018. The unauthorized person may have had access to the account until the breach was discovered on August 21, 2018 and the login information was changed. The attacker obtained the login information when the employee was tricked into acting on a phishing email.
Family Physicians Group notified the patients affected by the breach on December 28, 2018. No reason was given for the delay of more than 4 months in issuing notification letters to patients.
An examination of the email messages in the compromised account showed that some messages contained patients' PHI. The emails contained no financial information or Social Security numbers. The data breach potentially exposed only names, birth dates, doctors’ names, and health insurance data.
Family Physicians Group did not receive any report suggesting the theft or misuse of any patient information. All employee email passwords at Family Physicians Group were reset as a precautionary measure, and the group has enhanced its email program and integrated additional security controls to boost security against phishing attacks.