Piedmont Cancer Institute (PCI), based in Atlanta, Georgia, has recently disclosed a data security breach that has impacted the personal information of at least one Maine resident. The breach, which came to light on March 25, 2024, involved unauthorized access to an employee email account. Upon discovering the unusual activity, PCI immediately secured the compromised account and enlisted a team of external cybersecurity experts to investigate the incident. Despite the thorough investigation, it remains unclear which specific emails and attachments were accessed by the unauthorized party.
Following a comprehensive review of the affected email account, PCI confirmed on August 6, 2024, that personal information was contained within the compromised mailbox. This information potentially includes individuals’ names and Social Security numbers. To ensure compliance with Maine’s data breach notification statutes, PCI has begun notifying affected individuals and has provided them with a sample notification letter detailing the breach.
In response to the incident, PCI has implemented additional security measures to prevent similar breaches in the future. The institute is offering affected individuals 12 months of complimentary credit monitoring and identity theft protection services through Cyberscout, a TransUnion company. These services include credit monitoring, dark web monitoring, a $1 million identity fraud loss reimbursement policy, and fully-managed identity theft recovery services. Additionally, PCI has established a call center to provide support to affected individuals for a period of 90 days.
The breach highlights the growing concerns around data security in healthcare organizations and the need for robust protective measures. PCI’s prompt actions and the provision of protective services aim to mitigate the impact on affected individuals and reinforce the institute’s commitment to safeguarding personal information.
Reference:
