As the tab for security incidents in 2020 remains open, cybercriminals are diligently looking for new ways to attack and capitalize on valuable healthcare information. More than 143 security incidents have been added to the Health Insurance Portability and Accountability Act (HIPAA) Breach Reporting Tool since the beginning of the year, and bad actors are not showing signs of halting their disruptive actions any time soon.
Last month’s showstopper is Ambry Genetics, a California-based genetic testing laboratory that revealed a security incident potentially exposing the personal health information (PHI) of 233,000 customers, including:
• Customer names
• Medical information
• Information related to customers’ use of the genetic laboratory’s services
• A limited number of Social Security numbers
In accordance with the HIPAA Breach Notification Rule, the company has published a notice on its official page, detailing the events. Between 22 and 24 January, Ambry’s security team noticed unauthorized access to one of their employee accounts and started investigating the incident. Although the company found no clear signs of misuse, it does not rule out the exposure of customer personal information.
“The investigation was unable to determine whether there was unauthorized access to, or acquisition of, any particular information from the email account, and we are not aware of any misuse of any personal information. Nevertheless, we are notifying our customers because customer personal information may have been impacted”, reads the Substitute Notice.
As a preventive measure, Ambry Genetics is now offering free identity monitoring services to affected individuals and reassures customers that it has taken the necessary steps to avoid any future incidents.
The high number of potentially exposed medical records puts customers at risk of falling victim to medical identity theft and fraud. Using the stolen information, cyber thieves can make fake medical claims and steal a victim’s insurance, and even send out extortion emails that demand payment for not revealing any sensitive information.
It’s important for potential victims to be wary of any unsolicited emails they might find in their inbox, keep an eye on their medical bills, and review their medical records for any suspicious entries.