- I gave my Android phone thermal vision superpowers with this accessory
- My favorite 12-in-1 electric screwdriver is the only one you'll need - and it's on sale
- This large-screen Samsung tablet left me with no iPad Pro envy - and it's up to $800 off
- Why I recommend this TCL Mini LED TV over flagship OLEDs - especially at up to $1,500 off
- This LG C5 OLED for $400 off is one of my favorite TV deals ahead of Memorial Day
Hackers Hit Healthcare Data Management Company
The protected health information (PHI) of thousands of individuals may have been exposed in a hacking incident at a healthcare information management company based in Georgia.
Clinical or treatment information and Social Security numbers were among the sensitive data compromised during a successful cyber-attack on Ciox Health that took place last summer.
Ciox Health, which is headquartered in Alpharetta, provides a variety of services, including information release, medical record retrieval, and health information management to more than 30 healthcare providers.
According to a notice recently issued by Ciox Health, an unauthorized person accessed the email account of a Ciox employee between June 24, 2021, and July 2, 2021.
The company warned that the threat actor may have used that access to download emails and attachments associated with the compromised account.
“Ciox reviewed the account’s contents to determine whether sensitive information was contained in the account,” said the notice.
“On September 24, 2021, Ciox learned that some emails and attachments in the employee’s email account contained limited patient information related to Ciox billing inquiries and/or other customer service requests.”
Information that the attacker may have accessed included patient names, provider names, dates of birth, and/or dates of service. Social Security numbers or driver’s license numbers, health insurance information, and/or clinical or treatment information was also exposed in what Ciox described as “very limited instances.”
The data breach was reported to the US Department of Health and Human Services’ Office for Civil Rights on December 30 as a hacking/IT incident impacting 12,493 individuals.
Ciox Health said it began notifying its healthcare provider customers of the security incident on November 23. The security notice published on Ciox Health’s website was issued on behalf of 32 different healthcare providers, including Children’s Healthcare of Atlanta, Indiana University Health, Niagara Falls Memorial Medical Center Health System, and Sarasota County Public Hospital District d/b/a Sarasota Memorial Health Care System.
“To help prevent something like this from happening again, we have and will continue to identify opportunities to implement additional procedures to further strengthen our email security, including by providing enhanced cybersecurity training to our employees,” stated Ciox Health.
