ProPath Services, LLC in Texas has notified patients of a data security breach stemming from compromise of two employees’ email accounts. The incident occurred in 2020, but ProPath doesn’t state exactly when they first discovered the breach.
In a statement on their web site, the pathology service provider explains that on January 28, they learned from their investigation that one or more of the email accounts accessed between May 4, 2020 and September 14, 2020 contained identifiable personal and/or protected health information.
As is too often the case, the entity claims it has no evidence of any misuse of the information but is notifying patients “out of an abundance of caution.”
The accessed email accounts contained the personal and protected health information of certain individuals who had laboratory or pathology testing services performed by ProPath, including their names, dates of birth, test orders, diagnosis and/or clinical treatment information, medical procedure information, physician name, and, in a limited number of cases, Social Security numbers, financial account information, driver’s license numbers, health insurance information, and passport numbers.
You can read more on ProPath’s web site about what they are offering, or not offering, those being notified. Of note, they have taken steps to prevent a recurrence:
Since the date of this incident, ProPath has taken measures to improve its technical safeguards in order to minimize the risk of a similar incident in the future, including implementing additional technical safeguards on its email system and providing additional training to employees to increase awareness of the risks of malicious emails.