Salinas Valley Memorial Healthcare System has agreed to pay $340,000 to resolve claims lax cybersecurity resulted in a 2020 data breach.
Five employee and contractor email addresses were reportedly compromised in April, May and June of 2020 through a phishing scheme. As Salinas claimed in their notification of July 1, 2020:
On April 30, 2020, SVMHS determined that the email account of one of its employees had been compromised. On May 7, 2020 and June 5, 2020 respectively, SVMHS subsequently determined that email accounts of a contractor and three other employees were also compromised. These five email accounts were compromised through Outlook Web Access, SVMHS’s browser-based email access solution.
The incident was reported to HHS on June 29, 2020 as impacting 2,384 patients. In closing its investigation into the incident, HHS wrote:
The covered entity (CE), Salinas Valley Memorial Healthc