South Country Health Alliance (SCHA), a public health department in Minnesota, suffered a security incident that may have affected the personal information of some SCHA community members. SCHA discovered unauthorized access to an employee email account on June 25, 2020. After a primary investigation, SCHA confirmed that certain private information belonging to some of its community members may have been stored in the account.
The exposed information included personal and protected health information like names, Social Security numbers, addresses, Medicare and Medicaid numbers, health insurance information, diagnostic or treatment information, date of death, provider name, and treatment cost information.
While there is no evidence of any misuse of the exposed information in the incident, SCHA has notified about the breach to the impacted members. The health service provider provided information about the incident and recommended the necessary security steps to protect their personal information. In addition, SCHA offering complimentary credit monitoring and identity protection services to the affected members.
Cyberattacks on health care organizations have become rampant in 2020. With multiple data breaches and ransomware attacks, the health care providers continued to be the primary target for cybercriminals. According to the “U.S. Health Care Data Breach Statistics” survey, around 70% of the U.S. population is affected by health care data breaches, with over 230,954,151 health records lost, stolen, or exposed in various security incidents. 2018 and 2019 witnessed a sharp increase in the number of individuals affected by health care data breaches, with a six-fold increase between 2017 and 2019.