• RMK Consulting Staff

North Texas Mental Health Provider Suffers Data Breach, Twice


North #Texas Mental Health Provider @Metrocare Suffers Data Breach, for the second time in Five Months.

The Breach Discovery

The breach was the result of a #phishing attack and was discovered on February 6, 2019, when Metrocare found that an unauthorized third-party accessed some of their employees’ #email accounts. According to Metrocare, immediately after learning of the #breach, the affected email accounts were secured, and an investigation was launched.  The investigation found that the compromised email addresses were first accessed in January 2019.


Potentially Accessed Information

The investigation revealed that some patient data was in the affected email accounts, including individuals’ names, dates of birth, driver’s license information, health insurance information, health information related to services received at Metrocare, as well as some Social Security numbers.


Patient notification began on April 5, 2019. At this time, Metrocare does not have reason to believe that any of the affected patient information has been misused as a result of the incident. Those individuals who may have had their Social Security numbers exposed are eligible for one year of complimentary identify protection and credit monitoring.

In their notice, Metrocare writes:

We regret any inconvenience or concern this incident may cause our community. To help prevent something like this from happening in the future, we are taking steps to add additional security measures to our current information technology infrastructure, including strengthening the security of our e-mail system and have implemented multi-factor authentication on its system systems.

Not Their First Offense

What sounds like a sincere apology to the community regarding the incident may not be taken as such. This data breach was reported just 5 months after Metrocare reported a previous breach in November #2018. Even worse, this breach was almost identical to the previous, a phishing attack that compromised the PHI of 1,800 patients.


Following the November phishing attack, Metrocare stated they would be strengthening their security measures, including their email system and providing additional training to their employees.


Considering they encountered a very similar breach just months after their first one, it is clear that whatever security/training may have been implemented was not enough. Multi-factor authentication had not been enabled following the first attack, which could have very likely prevented the second from occurring.


The November phishing attack on Metrocare does not have a closing listed on HHS’ public breach website, meaning that first attack may still be under investigation.

7 views

RMK CONSULTING, LLC

RMK Consulting, LLC provides exceptional IT Support Services, Managed IT Services, Cloud Computing Solutions and Phone Systems to businesses across Texas. Our Managed IT Services are designed to Manage and Protect your IT systems so you can focus on your business.

SERVICES

CONTACT

RMK Consulting, LLC

415 N Guadalupe Ste. 165

San Marcos, TX 78666

(512) 761-7652

  • RMK Consulting, LLC on LinkedIN
  • RMK Consulting, LLC on Twitter
  • RMK Consulting, LLC on Facebook
  • RMK Consulting, LLC on YouTube
  • RMK Consulting, LLC on Instagram
  • RMK Consulting, LLC RSS Feed