Einstein Health Network is a Pennsylvania based health care company offering services such as medical rehab, outpatient and primary care centers. The organization recently announced a breach in which an authorized person was able to gain access to sensitive information and emails. Einstein has known about the breach since August 10 and is therefore in direct violation of the HHS 60-day breach notification rule that states organizations must disclose a security breach for customers’ privacy within roughly two months of awareness of said breach.
However, although the company waited more than five months to make the breach public, it is unlikely it will face any punitive measures. According to a statement, Einstein could not determine whether contents of patient-related emails were stolen, however, has now notified all customers that their diagnoses, date of birth, name, and prescriptions may have been exposed to criminals. According to a statement released by Einstein, some patient’s accounts also included types of treatment, treatment locations, Social Security numbers, and health insurance information.
Read More: Einstein Healthcare Network Announces August Breach
