Email Breaches at CSI Laboratories and Conifer Revenue Cycle Solutions

Cytometry Specialists, Inc., conducting business as CSI Laboratories based in Alpharetta, GA, has lately reported that an unauthorized person accessed the email account of a worker and could have seen or acquired the protected health information (PHI) of 244,850 individuals. CSI Laboratories is a prominent cancer testing and diagnostics lab that serves oncologists, pathologists, and community hospitals all over the United States.

CSI Laboratories discovered the email account breach on July 8, 2022, and promptly protected the account. The incident investigation reveals that the intent of the attack was to make use of the email account to carry out a business email compromise (BEC) attack and reroute CSI customer healthcare provider transactions to an account controlled by the threat actor by appearing as CSI employing a fake email address, The breach was not intended to get patient data; nonetheless, the breach investigation affirmed on July 15, 2022, that selected files were stolen from the worker’s mailbox that kept patient data.

The files associated with invoices provided for CSI Health Care provider clients were possibly acquired for use in a BEC scam. The files generally just comprised patient names and identifiers such as patient numbers, however, certain files included additional data for example birth dates and medical insurance details. As a result, the chance of misuse of patient information is thought to be quite low.

Because of the breach, CSI Laboratories took action to strengthen the safety of its email system, has made available more training to workers on how to identify phishing attacks, and has improved tracking of its network and email systems.

CSI Laboratories declared at the beginning of this year that it had encountered a ransomware attack that the Conti ransomware group claimed credit for. The 312,000 patients’ PHI was exposed during that incident.

Business Associate Breach Affects Keck Medicine of USC

Keck Medicine of USC has lately reported being affected by a breach at its business associate, Conifer Revenue Cycle Solutions. Conifer offers revenue cycle management along with other management services, which involve getting access to patient records. On April 14, 2022, Conifer discovered that an unauthorized person gained access to its Office 365 email account, which held the data of the patients of its healthcare provider customers.

The data possibly exposed included names, birth dates, addresses, driver’s license numbers, Social Security numbers, state ID numbers, financial account data, medical and/or treatment details like medical record numbers, names of providers, diagnoses and symptoms, and prescribed medicine details, and medical insurance data. The information compromised was different from one patient to another.

Keck Medicine stated its business associate has boosted its security settings and tracking procedures and has sped up the setup of multi-factor authentication. Free credit monitoring services were provided to impacted persons.

About Christine Garcia 1201 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA