[ISN] Email hack makes for HIPAA breach

http://www.healthcareitnews.com/news/hipaa-breach-letters-go-out-after-email-hack By Erin McCann Associate Editor Healthcare IT News October 14, 2014 An academic medical center in California is notifying patients of a HIPAA breach after officials discovered a physician’s email account had been hacked by an outside source. University of California Davis Health System has notified 1,326 patients that their protected health information, which was contained on this physician’s email account, was compromised. The breach, which occurred at UC Davis Medical Center, was discovered Sept. 26, according to patient notification letters mailed out. The email incident had occurred one day earlier. “Our IT team has undertaken a review of the event, but the exact root cause of the incident remains unknown. We do not see evidence of a phishing attack,” said Shara Merritt Reed, privacy program director at UC Davis Health System, in an emailed statement. “We hesitate to speculate but deduce the credentials were obtained by other means in order to utilize the account.” In a letter mailed to affected patients Reed explained that UC Davis providers use their emails for patient care purposes, specifically, for example, upcoming appointments, or patient care exchange for a consultation or referral. “When this happens, limited amounts of patient information may be included in the provider’s email account,” she explained in the letter. […]