Phishing Attack on Reliable Respiratory Affects 21,000 Patients

Reliable Respiratory, which is a respiratory care provider in Norwood, MA experienced a phishing attack that impacted 21,311 patients. A suspected cyberattack was noted on July 3, 2018 after seeing strange activity in the email account of an employee. The account was investigated and it was found that the employee was targeted by a phishing campaign. The employee’s response to a phishing email led to the disclosure of his/her email account credentials.

The moment the unusual account activity was noticed on July 3, account access was blocked immediately. Computer forensic experts came in to investigate the nature and scope of the data breach. The investigation affirmed that an unauthorized individual accessed the account from June 28 to July 2. An examination of the emails associated with the account revealed that a large selection of protected health information (PHI) may have been viewed by the hacker.

Reliable Respiratory are notifying patients by mail about the breach and were being advised to keep an eye on their statements of account and explanation of benefits statements carefully for indications of identity theft and fraudulent transactions. It was not mentioned in the substitute breach notice whether the provider offered credit monitoring and identity theft protection services to the affected patients.

The PHI of patients that may have been exposed include: names, dates of birth, medical diagnosis, medical record numbers, treatment details, prescription medicine information, username and password, health insurance details, patient claim/billing information, state identification numbers, driver’s license numbers, passport number, Social Security numbers, bank account details, and credit or debit card details.

Reliable Respiratory is going to implement further safety measures to enhance the security of its network and will revise its policies and procedures as needed to lower the risk of encountering cyberattacks again. The breach report filed with the Department of Health and Human Services’ Office for Civil Rights noted that the phishing attack affected 21,311 patients.

Carpenters Benefit Funds of Philadelphia experienced a similarly sized email breach, which was reported to OCR on August 31, 2018. The email hacking led to the viewing and possibly the stealing the files of 20,015 plan members.

The breach notice was not posted yet by Carpenters Benefit Funds of Philadelphia to its website. No media outlet was not notified yet about the breach at the time of writing. Hence, the exact details of the breach is still unknown.