The incident was reported on March 22nd, 2020, to the U.S Department of Health and Human Services. The report worked as a reminder of the cyber threats faced by all the laboratories and other healthcare entities that handle personal information of the patient and even their sensitive medical testing data related to the COVID-19 pandemic.
Keith Fricke, the principal consultant at TW-Security, said that the labs are under significant threat because they are handling more tests than regular basis due to the COVID-19 outbreak. Thus, the amount of patient data stored, processed, or transmitted has increased by manifold in volume.
Criminals Are Stealing Personal Data of Patients
The criminals see this as another opportunity to steal information for their financial gains. Additionally, the IT department is working on the proper precautions that must be adopted by the remote workforce and setting up the necessary technology for ensuring the data privacy of COVID-19 medical trials and treatments. The IT experts are doing so that lesser time will be spent on monitoring the network activities by making a contract with a third party who will keep a check on the lab's network and system event logs.
The Breach Tally
The Ambry Genetics breach is the second largest health data breach in 2020, as listed on HHS' HIPPA Breach Reporting Tool website. The website contains a list of health data breaches impacting 500 or more individuals.
The first biggest patient data breach was reported earlier and involved the theft of data from a stolen, unencrypted laptop in February. The massive data breach incident affected 654,400 individuals engaged in lab trials.
So far, in 2020, 35 of the 36 most significant breaches which were posted to the HHS website were reported as hacking or IT incidents.
Unprotected devices that are stolen or lost can contain lots of information. However, personal devices do not have as much information as clinical systems with huge databases of patients.
Ambry Genetics Data Breach Details
The security team of the Ambry Genetics identified ab unauthorized access to an employee's email account between January 22nd, 2020, and January 24th, 2020.
They initiated the investigation with the help of outside experts. The survey was unable to identify whether there was an unauthorized access to or possession of any particular information from the email account. The team also says that they do not have any information on the misuse of any personal information.