Aveanna Healthcare, based in Georgia, recently disclosed a data breach involving unauthorized access to the email accounts of 11 employees. The breach affected the protected health information of 10,482 patients. This is the second email breach reported by Aveanna in the past few months, following a previous incident in September 2023 that compromised the data of 65,482 patients.
The latest breach was detected on April 17, 2024, when unusual activity was observed in the email accounts. Aveanna responded quickly by preventing further unauthorized access and launching an investigation. By June 12, 2024, the investigation confirmed that sensitive information, including names, Social Security numbers, medical details, and insurance information, had been exposed. The specific data affected varied from patient to patient.
Despite the exposure of patient information, Aveanna has not detected any misuse of the compromised data. As a precaution, the healthcare provider is offering complimentary identity protection services through CyEx to the affected individuals. The company expressed its commitment to safeguarding personal information and taking extra measures to prevent similar breaches in the future.
Aveanna has notified the Department of Health and Human Services’ Office for Civil Rights (OCR) about both breaches. The company is working to enhance its cybersecurity protocols and ensure that patient data remains secure. These recent incidents highlight the ongoing challenge of protecting sensitive information in the healthcare sector.
Reference: