Unauthorized access to employee email compromises some patient info

A neurological healthcare facility in the US has reported a data security incident impacting an undisclosed number of patients.

The Center for Neurological and Neurodevelopmental Health (CNNH), a medical and psychological treatment service for neurodiverse individuals, reported this week that it had detected suspicious activity on an employee’s email account, beginning November 22, 2019.

“CNNH immediately took steps to secure the account and worked with a cybersecurity firm to assist in its investigation,” the organization, which operates locations in New Jersey and Pennsylvania, said in a press release.

The investigation found that unauthorized access to the email account in question had occurred between October 7 and November 22 of last year, potentially affecting the personal information of some CNNH patients.

This included patient names, addresses, dates of birth, medical records, and health insurance information, CNNH said. Medical details of certain patients such as diagnosis, lab test results, and prescriptions may have also been compromised.


Read the latest healthcare breaches and security news


“This incident did not affect all CNNH patients; but only those patients who had information contained in the email account,” the organization added.

CNNH said that there had been no evidence of misuse as a result of the security incident, but that it would be informing those patients implicated by post.

“CNNH has established a toll-free number to answer any questions individuals may have about the incident,” it said.

“CNNH recommends that affected patients review statements they receive from their insurer and healthcare providers.

“If they see services they did not receive, they should contact the insurer or provider immediately.”

CNNH, which offers services for infants, children, and adults, said that it would be improving its security measures following the incident.

“We remain committed to protecting the confidentiality and security of our patients’ information,” it said.

“To help prevent something like this from happening in the future, CNNH has enhanced its email security, enabled multi-factor authentication on all email accounts, and is continuing to educate employees on email security.”

“We regret any concern or inconvenience this incident may cause,” it added.

The Daily Swig has asked CNNH to confirm how many individuals were potentially impacted.


YOU MIGHT ALSO LIKE UK privacy watchdog publishes rules for a child-friendly internet