Atlanta, Georgia-based medical imaging centre Express MRI suffered a security breach in July last year that potentially compromised the personal healthcare information of a large number of patients.
Express MRI offers affordable high-quality medical imaging, specifically MRI, services in Georgia, offering MRI services for $399 without any additional costs. The medical imaging firm discovered the security breach in July last year and determined that unauthorised emails were sent from an Express MRI email account.
“Keeping patient privacy and security as its number one concern, the company took immediate action to investigate and address the incident,” Express MRI said. It found that even though unauthorised emails were sent, no patient information was compromised.
However, a secondary review of the breach, completed on 10th June this year, concluded that even though there isn’t any conclusive evidence of any particular patient information being accessed, read, or exported, it is possible that emails containing patient information could have been accessed, read, or exported.
The medical imaging firm said that some of the accessed emails also contained sensitive patient information like names, addresses, email addresses, dates of birth, age, referring physician, body part scanned, and whether the scan was related to a workers’ compensation claim or motor vehicle accident investigation.
“No Social Security numbers, financial or insurance information or patient images were accessed, lost, compromised, or otherwise affected as a result of this data breach,” it added, stating that it took immediate precautionary measures to respond to this incident including assembling a team of highly qualified experts to reinforce the security of its information technology systems. Increased security safeguards are also being implemented to enhance security and avoid such breaches in the future.
“Protecting our patients’ personal information is one of our top priorities in our commitment to providing you with safe, high-quality care. We sincerely apologise to our patients for this inconvenience,” said Express MRI CEO Alex Halpern.
Express MRI is now sending letters to affected individuals to inform them about the incident, measures Express MRI has taken, and additional steps they may consider to further secure their personal information.
Commenting on the security incident suffered by Express MRI, Boris Cipot, senior security engineer at the Synopsys Software Integrity Group, told Teiss, “It is good to hear that no financial or insurance information, patient images or social security numbers were stolen in this data breach; however, customers of Express MRI should not let their guard down as the data that was breached – names, email addresses, physicians names etc. – could be used for phishing attacks.
“Usually, the attacker would request further information in order to confirm the recipient’s identity. Phishing emails can also include links to online forms that request personal data or even ask users to log in to a known service. However, those forms or login pages are fake and collect personal information which is then used for further scams.
“Phishing emails are often sent with attachments, so it is important to never open any attachments or click on links from an untrusted source, and keep in mind that institutions typically do not request your personal data via email or phone. If users’ are still in doubt, it is advisable to look up the institutions’ contact details and call them directly to confirm the validity of the emails. Make sure you do not contact them using phone numbers included in suspicious emails, as these can potentially lead directly to the scammers,” he added.