Third-Party Dupes Medical Center Into Handing Over Patient Information

For your free ISO 27001 - Information Security Management System - Gap Analysis Checklist, click here.


A New York City aged-care medical center has been tricked into handing over sensitive patient information after masquerading as one of the facility’s executives.

Non-profit VillageCare Rehabilitation and Nursing Center (VCRN) has released details of the events that transpired, saying that one of its staff members responded to an email that looked as though it was from one of its senior executives.


In a statement, VillageCare said that “on or about Monday, December 30, 2019, VCRN was alerted to a suspicious email received by an employee from an unathorized actor pretending to be a member of the executive team.”

‘The unauthorized actor requested certain information related to VCRN patients. Believing the request to be legitimate, the employee provided the information. Once it became apparent that the email received by the employee was not a legitimate request, we immediately launched an investigation with the assistance of third-party forensic specialists to determine the full scope of this event.”


They continued to explain that “at this time, we are unaware of any actual misuse of the personal information as a result of this event.”


According to VillageCare, the information shared with the third-party included first and last names, dates of birth, medical insurance information including the provider name and ID number of a “limited number of VCRN patients,” 674 of them, according to reports.


VCRN has taken a number of steps to alert patients potentially impacted by the fraud, set up a toll-free phone line for those impacted to discuss their options, as well as alerting the relevant authorities and regulatory bodies.


“We take this incident and security of personal information in our care seriously,” they said. “We moved quickly to investigate and respond to this incident, assess the security of relevant VCRN systems, and notify potentially affected individuals. This response included reviewing and enhancing our existing policies and procedures.”


VillageCare concluded the statement encouraging anyone involved to “remain vigilant against incidents of identity theft and fraud and to review account statements, credit reports, and explanation of benefits forms for suspicious activity and report any suspicious activity immediately to your insurance company, health care provider, or financial institution.”

Featured Posts
Recent Posts
Archive
Search By Tags
Follow Us
  • YouTube Best Practice Icon
  • LinkedIn Social Icon
  • Facebook Basic Square
  • Instagram Social Icon
  • Twitter Basic Square

© 2020 by Best Practice

  • White YouTube Icon
  • White LinkedIn Icon
  • White Instagram Icon
  • White Facebook Icon
  • White Twitter Icon