Authorization

Third Party Forensic Investigators Conclude Their Investigation into the June 2019 Data Incident at NCH

NAPLES, Fla., Feb. 17, 2020 /PRNewswire/ --A Cybersecurity specialists hired by NCH recently wrapped up their investigation into an email phishing attack against NCH.A  On or around June 14, 2019, NCH became aware of suspicious activity related to its human resources, timekeeping, and payroll system. NCH immediately launched an investigation into this suspicious activity and determined that certain employees fell victim to an email phishing scheme that allowed an unauthorized actor (hacker) to gain access to the employee's payroll records as well as their email accounts. Importantly, NCH patient medical record systems were not affected by this incident, and the sole purpose of the attack appears to have been to reroute direct deposit payroll funds; however, the stolen credentials would have allowed access to employee email accounts.A  Third party specialists undertook a diligent and time-consuming manual and programmatic review of the entire contents of the relevant email accounts to determine what data was present as the investigation was not able to determine if any email was actually viewed.A  On December 19, 2019, the review provided confirmation of the identities of those individuals who may have had information present within the email accounts under review. While, to date, the investigation has found no evidence of actual or attempted misuse of the information present in the relevant email accounts, NCH did determine that the email accounts affected by this incident may include some combination of the following information: patient name, date of birth, driver's license number, tribal identification number, financial account information, payment card information, medical history, treatment information, medication or prescription information, beneficiary information, provider information, patient identification number, health insurance information, and/or username/email and password information.A  Less than five (5) percent of the population had a Social Security number accessible.The confidentiality, privacy, and security of personal information in its care is one of NCH's highest priorities.A  Upon learning of the suspicious payroll activity, NCH immediately commenced an investigation and took steps to secure our systems.A  NCH worked with third-party forensic investigators to confirm the full nature and scope of this event.A  While NCH has measures in place to protect information in its systems, it is implementing additional safeguards to protect the security of information.On February 14, 2020, NCH began mailing notice letters to individuals whose information may have been present in the affected accounts. NCH is offering these individuals access to two years credit monitoring and identity restoration services without charge.A  NCH is also encouraging individuals to remain vigilant against incidents of identity theft and fraud, to review account statements, and to monitor credit reports and explanation of benefits forms for suspicious activity and to detect errors, as well as providing more information on steps individuals may take to protect personal information. NCH is also providing notice of this incident to the U.S. Department of Health and Human Services, as well as state regulators, as appropriate.A 
See also:
Leave a comment
News
  • Latest
  • Read
  • Commented
Calendar Content
«    Апрель 2020    »
ПнВтСрЧтПтСбВс
 12345
6789101112
13141516171819
20212223242526
27282930