A healthcare technology vendor is notifying dozens of its healthcare provider clients of an email security breach affecting their patients’ protected health information. Experts say the incident serves as the latest reminder of the risks business associates pose to sensitive healthcare data.
In a notice posted on its website, Ciox Health, an Alpharetta, Georgia-based healthcare information management vendor, says that between Nov. 23 and Dec. 30, 2021 it began the process of notifying healthcare provider customers of an email compromise last summer affecting some of their patients’ PHI.
Ciox in the notice also included a list of about 32 healthcare providers affected by the incident.
In its notice, Ciox says an unauthorized person accessed one Ciox employee’s email account between June 24 and July 2, 2021, potentially downloading emails and attachments contained in the account.
