Exploit: Unauthorized Account Access
National Cardiovascular Partners: Healthcare Provider

Risk to Small Business: 2.232 = Severe

Patient data was exposed after hackers were able to gain access to the Excel spreadsheet where it was stored through an employee account compromise. Undetected for over 3 weeks, the spreadsheet contained patient information, including names, contact information, and a host of other sensitive data that varied by patient. No word on what else the hackers may have obtained.

Individual Risk: 2.377 = Severe

Impacted patients are being notified and offered a one-year membership in Experian IdentityWorks, an identity theft protection service. These patients should also take appropriate measures against identity theft, spear phishing, fraud, and other criminal uses.

Customers Impacted: 78,070

How it Could Affect Your Customers’ Business: Handling sensitive medical data is a proposition that requires excellent security training as well as a strong suite of cybersecurity solutions. Not only was this incident preventable, but it was also expensive – and it will not just cost a fortune in recovery, it will also invite regulatory penalties.

Source:
https://healthitsecurity.com/news/national-cardiovascular-partners-email-hack-impacts-78k-patients?&web_view=true