A cybersecurity incident at Rhode Island Ear, Nose and Throat Physicians Inc. (RIENT) has resulted in the protected health information (PHI) of 3,000 patients being exposed.
On June 19, 2019, a hacker gained access to RIENT’s network. The breach was detected immediately, and the organisation’s IT staff took steps to revoke unauthorised access to the network.
RIENT contracted a third-party computer forensics firm was hired to assist with the investigation and help determine the scope of the breach and mitigate against its harmful consequences.
Investigators concluded that the compromised servers only contained the medical records of patients who received medical services between May 1, 2019, and June 12, 2019.
The forensic investigation did not uncover any evidence to suggest patient information was viewed or copied, and no reports have been received to suggest patient information has been misused.
For the majority of affected patients, the breach was limited to names, dates of birth, and clinical information. A small subset of patients also had their Social Security number exposed.
RIENT have offered patients whose Social Security number was compromised free credit monitoring and identity theft protection services. RIENT is implementing additional technical safeguards to improve its security posture and prevent similar attacks in the future.
Following HIPAA’s Breach Notification Rule, the Department for Health and Human Services’ Office for Civil Rights has been notified of the breach. The breach portal report indicates that the breach impacted 2,943 patients.