Phishing Attack on Ohio Living and Guardiant Exposed the PHI of 7,600 Persons


Ohio Living, which is a company that provides life plan communities and home health services, found out that an unauthorized person has accessed the email accounts of a few of its employees. On July 10, 2018, Ohio Living identified the suspicious activity associated with one employee’s email account. It was investigated immediately with the help of a third-party computer forensics specialist to know the details of the breach and how the unauthorized person gained account access. On July 19, 2018, the investigators told Ohio Living that a number of email accounts were compromised on July 10 and an unauthorized person accessed those accounts.

There was no way of knowing if the attacker opened or downloaded any emails. Analysis of the emails showed they contained the 6,510 persons’ protected health information (PHI). When Ohio Living discovered the breach, all compromised account passwords were reset. The password of all other employees’ email accounts were also reset. Employees of Ohio Living were given further training to raise security awareness and stop email breaches from happening again.

On September 4, 2018, the computer forensics experts informed Ohio Living that the emails included the some of these information: the names of patients, contact details, financial data, Social Security numbers, dates of birth, Patient ID numbers, medical record numbers, clinical data, medical data, diagnosis information, treatment details, and health insurance information.

To date, no one submitted any report that indicate the misuse of any PHI. However, as a precautionary measure, Ohio Living offered free credit monitoring and identity theft protection services to all patients impacted by the breach .

Guardiant, a liquid biopsy specialist in Redwood City, CA, discovered that an unauthorized person accessed the email account of one employee after the employee responded to a phishing email last July 2018. According to the investigation results of the breach, the attacker was able to access the account for five days prior to Guardiant’s resetting the password to block account access.

Upon checking of the emails in the compromised account, they contained the PHI of around 1,100 patients. The information potentially viewed by the attacker included the patients’ names, contact information, birth dates, medical codes and Social Security numbers for some patients.