More than 30,000 patients warned of potential PPI exposure

Email account breaches at Management and Network Services (MNS) may have exposed the “personal and protected health information” of patients, the US healthcare administration firm has warned.

MNS, which offers administrative support services to post-acute healthcare providers, said the data breach stems from a hack against email accounts last year.

“On or about August 21, 2019, MNS confirmed that several employee email accounts may have been accessed without authorization at various times between April and July of 2019,” MNS said in a statement.

“Five of the impacted email accounts were believed to contain personal or protected health information.”

After discovery the incident, MNS took action to secure its email system, as well as running an audit designed to access the scope of the data breach.

“The analysis recently revealed that personal and protected health information for providers’ patients and individuals referred to providers for treatment was contained in the affected email accounts,” according to MNS.

Third-party breach

More than 30,000 US healthcare patients have been caught up in the incident at MNS, according to a breach disclosure notice submitted to the US Department of Health and Human Services earlier this month.

Data potentially exposed by the breach covers names, medical treatment information, diagnosis information, medication information, insurance providers, health insurance numbers, dates of birth and Social Security numbers.

For a small (unspecified) number of individuals, affected information may also include driver’s license numbers, state identification card numbers, and financial account information.

READ MORE AccuDoc data incident highlights ‘growing calamity’ of third-party breaches

Although there is “no evidence of the misuse of any information potentially involved in this incident”, MNS notified its healthcare provider clients of the breach last month.

The company started directly warning individuals who might not have been contacted directly about the possible exposure of their private data last week.

These warning have been accompanied by suggested steps individuals might take to protect their personal information.

MNS has set up a hotline in order to handle enquiries from concerned individuals but there’s no talk about offering free credit monitoring services for a year or similar steps that often accompany corporate breaches.

MNS apologised for the security flap. The healthcare services firm said it had beefed up its email security policies and introduced multi-factor authentication in order to safeguard against similar breaches in future.

RECOMMENDED Banner Health settlement approval brings years-long data breach saga to a close