When a security breach has made protected health information (PHI) vulnerable, organizations have to take the appropriate steps to make this type of incident less common. Since PHI is accessible through multiple means, especially remotely, the systems care providers decide to focus on may vary for each breach. Earlier this month, Oakland Family Services in Pontiac, Michigan, reported that an employee's email account had been unlawfully accessed off-site, putting multiple forms of PHI at risk.
As an official statement from the provider describes, more than 170 clients out of a group of around 16,000 had their Social Security Numbers included in the hacked email account. Although the fraudulent action took place on July 14, patients seen as far back as April 2007 could be part of the affected population. The source says that there doesn't appear to be any evidence suggesting any PHI was downloaded.
The compromise appears to be the result of a "phishing" scam, which tricks email recipients into providing important information. The United States Securities and Exchange Commission recommends multiple actions to reduce the chance of fraud, including utilizing the proper security programs.
"Personal firewalls and security software packages (with anti-virus, anti-spam, and spyware detection features) are a must-have for those who engage in online financial transactions," the site reads. "Make sure your computer has the latest security patches, and make sure that you conduct your financial transactions only on a secure web page using encryption."
While some of this advice applies at any time, strengthening the virus protections on all staff devices is especially critical when a phishing attack has been successful. For caregivers, a physician consultant can provide the best method for improving existing PHI policies.