"Einstein Healthcare Network Announces August Breach"

Einstein Health Network, a Pennsylvania-based company operating medical rehab, outpatient, and primary care centers, recently announced that it was affected by a breach of its employee email system, which exposed patient personal and medical information.  The organization waited more than five months to notify the public of the breach, which violates the HHS 60-day breach notification rule, but they will most likely not be penalized. According to Einstein, an unauthorized person on August 5th accessed employee emails, and the suspicious activity continued until August 17th.  Einstein knew about the suspicious activity in employee email accounts since August 10th.  Emails that were accessed by the attacker contained patient information, which may have included patients’ names, dates of birth, medical records, patient account numbers, and treatment or clinical information such as diagnoses, medications, providers, types of treatment, and treatment locations.  Some of the emails also contained health insurance information and Social Security numbers.  

Threatpost reports: "Einstein Healthcare Network Announces August Breach"