Texas-based spinal clinic, Precision Spinal Care, has announced one of the first healthcare data breaches of 2021. The breach was noticed after a threat actor was able to access an employee email account. The attack is believed to be an attempt at extorting the clinic, but from preliminary investigation results that seems to have been unsuccessful. There is a chance that information within the employees’ email account could have revealed data such as some patients’ names, addresses, dates of birth, and limited health information. While it is unknown how many people, if any at all, could have had their information accessed, Precision Spinal has begun notifying some of its clients anyway. The breach portal provided by the US Department of Health and Human Services states that more than 20,000 people may have been affected.
Analyst Notes
It is important for anyone who may have been affected to keep an eye out for suspicious emails. When receiving email from unknown senders, especially messages that include attachments, users should be extremely cautious and not provide any personal information. It’s important also to make sure employees are properly trained on how to spot phishing attempts and what they can do to report them. If any patients’ health insurance information was stolen, those individuals should watch for fraudulent insurance claims and quickly inform their insurance provider.
Source: https://portswigger.net/daily-swig/us-spinal-care-practice-among-first-to-issue-healthcare-data-breach-warning-in-2021?&web_view=true