Columbia, MD-based Maxim Healthcare Group has started notifying 65,267 individuals about a historic breach of its email environment and the exposure of their protected health information.
Maxim Healthcare Group, which includes Maxim Healthcare Services and Maxim Healthcare Staffing, said it identified suspicious activity in its email environment on or around December 4, 2020. Steps were taken to prevent further unauthorized access and an investigation was launched to determine the nature and scope of the breach.
The investigation revealed unauthorized individuals had access to several employee email accounts between October 1, 2020, and December 4, 2020. A comprehensive review of those accounts revealed they contained a range of protected health information that was potentially accessed and exfiltrated. The forensic investigation was unable to determine which emails, if any, were accessed and exfiltrated.
Maxim Healthcare said a manual and programmatic review was conducted of the contents of emails and attachments, which confirmed the following data may have been compromised: names, addresses, dates of birth, contact information, medical histories, medical conditions, treatment information, medical record numbers, diagnosis codes, patient account numbers, Medicare/Medicaid numbers, usernames/passwords, and limited Social Security numbers.
Maxim Healthcare said it received the initial results of the content review on August 24, 2021, then had to locate up-to-date contact information for the affected individuals. That process was completed on September 21, 2021. It then took until November 4, 2021, for notifications to be issued to affected individuals, 13 months after the first email accounts were compromised and 11 months after the breach was detected.
Maxim Healthcare said it is offering complimentary credit monitoring services to affected individuals and steps have been taken to improve security. Maxim Healthcare said it immediately instituted additional security protocols, including multi-factor authentication for all email accounts, has transitioned to a new Security Operations Center with advanced detection and response capabilities, and will continuously integrate additional cybersecurity infrastructure and security measures as appropriate.
The post Maxim Healthcare Group Notifies 65,000 Individuals About October 2020 Email Breach appeared first on HIPAA Journal.