A phishing event that affected 10,831 people also affected 7,678 patients, which they reported to HHS on behalf of relevant affiliated nursing facilities.
HHS stated in its closing remarks that names, birth and death dates, Social Security numbers, medical record numbers, health insurance information, clinical information, and treatment information were among the protected health information (PHI) that was implicated.
CCC strengthened its administrative and technical security measures in response to this intrusion, which improved the protection of its PHI. Free credit monitoring and identity theft recovery services were made available to the affected parties. Additionally, OCR procured confirmation that CCC carried out the aforementioned remedial measures and offered technical support to CCC concerning its security management protocol.
"id": "USD54141223",
"linkid": "hhsgov",
"type": "Data Leak",
"date": "03/2019",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"