Unusual Activity on Employee Email Account Unveils Unauthorized Access of PHI
Who: Partners for Quality, Inc.
# of Records/People Affected:
When: 19 April 2019
What happened: PFQ became aware of unusual activity relating to certain employee email accounts.
How Did it happen: On April 15, 2019, PFQ confirmed that the email accounts subject to unauthorized access contained protected health information of certain individuals and the identities of the individuals relating to this personal information. Although unaware of any actual or attempted misuse of any information contained in the email accounts, PFQ is providing notice to individuals in an abundance of caution.
Outcome: PFQ quickly launched an investigation to determine what may have happened and what information may have been affected. With the assistance of third-party forensic investigators, we determined that three employee email accounts were subject to unauthorized access between January 19, 2019 and February 27, 2019. These email accounts were then reviewed to determine whether they contained any protected health or personal information. PFQ is reviewing its existing policies and procedures and implementing additional safeguards to protect information stored in its systems. PFQ reported this incident to law enforcement and is notifying state regulators, as required. PFQ will also mail notice letters to individuals whose information was contained within the impacted accounts and for whom they had a postal address.