A HIPAA Prime client emailed and called us on a Tuesday afternoon to let us know that earlier that day their email had been hacked and a phishing email was sent out to over 1,000 contacts that included clients.
The Total HIPAA Compliance Team immediately called them back to assist.
They had already included their IT Vendor in the investigation. The IT Vendor, the client, and Total HIPAA recapped the situation and then came up with a plan of action.
First, all of the contacts that received the phishing email needed to be contacted immediately to ensure the email was deleted and the link was not clicked on.
Second, the IT Vendor had to look through the logs to determine what systems were accessed to determine if PHI was accessed and therefore there was a breach of PHI.
Total HIPAA immediately wrote this email to have our client send to the affected individuals:
Subject: Investigation into Phishing Link Sent
It has come to our attention that a link was sent out to you at [Insert time], which turned out to be part of a phishing scam.
As soon as we became aware of the issue, we took immediate steps to investigate the matter.
Please do not click on the link, and delete the email if you have not already.
We take the security and privacy of our clients very seriously, and we are committed to ensuring that our systems are secure and protected.
If you have any questions or concerns, please do not hesitate to contact me.
Thank you for your understanding and cooperation.
Total HIPAA continued working with the client and the IT Vendor to determine the extent of the hack. After a deep investigation by the IT vendor it was determined that the attacker gained access to an MFA token. As there is no PHI in the client’s email this attack was not a breach. If they would have gained access to the cloud server it would have been a HIPAA breach.
In response to the attack the IT Vendor, implemented the following to closely monitor for suspicious activity:
- Dark Web monitoring for credentials, network information, etc. related to the Total HIPAA Client
- Added an additional Microsoft 365 license to the environment which allows for more granular control over who/how individuals can access the tenant (geo-location-based restrictions, etc.)
- I’ll be rolling out an AI based Phish/Spam/Malware application to O365 this week to mitigate risk of a repeat incident.
Once it was determined that it was not a Breach of PHI Total HIPAA created the following to send to those affected:
Subject: Investigation Results – No Evidence of Downloaded Content from Phishing Incident
Following the phishing incident, our IT department conducted a thorough investigation.
I am pleased to inform you that based on the results, there is no evidence that any data was compromised. Our IT department has taken all the necessary steps to ensure our systems and accounts are secure. We will continue to monitor them closely to prevent future incidents.
I want to remind everyone to remain vigilant and cautious when receiving emails, especially those that contain links or attachments. If you receive an email that looks suspicious, please report it to your IT department immediately.
Once again, I apologize for any inconvenience caused and thank you for your cooperation and patience during the investigation. Please do not hesitate to contact us with any questions or concerns.
Once it was determined it was an incident and not a breach, Total HIPAA also assisted the client in documenting the investigation on the Total HIPAA Breach Analysis Worksheet. This worksheet along with any documentation from the IT Vendor needs to kept for 6 years.
Total HIPAA specializes in HIPAA compliance services, helping businesses adhere to HIPAA guidelines and protect sensitive data. Our experts ensure your organization remains compliant with HIPAA regulations, meaning you can focus on your core operations while we handle documenting the policies and procedures that make up your HIPAA compliance plan. Trust Total HIPAA for comprehensive compliance solutions tailored to your needs. Book a clarity call today.