A hacker infiltrated an email belonging to an employee of the Boys Town National Research Hospital on May 23, 2018, stealing personal identifiable and healthcare information of over 100,000 patients and employees.
Stolen PII and PHI includes sensitive information: SSNs, dates of birth, heath insurance information, medical diagnosis or treatment information, disability codes, banking or financial account numbers, usernames and passwords and more.
This data is most likely being circulated in the deep or dark web, putting child patients at risk throughout their adult life. While the hospital is promising to provide 12 months of free identity protection services, it's hard to know when or how the victims' data will be used.
Children's PII, such as their social security numbers, are often used in synthetic ID fraud which now accounts for 80% of all credit card fraud losses, and nearly one-fifth of credit card charge-offs. These victims will need to monitor their identities closely from this point on.
Circling back at the cause of this data breach, all this data exposed came from one employee's email. Companies need to become more proactive to protect their domain, customers and employees leveraging IDtheft solutions like the 4iQ Identity Threat Intelligence Platform.
Another day, Another data breach! This time-sensitive and personal data of hundreds of thousands of people at Boys Town National Research Hospital have been exposed in what appears to be the largest ever reported breach by a pediatric care provider or children's hospital. According to the U.S. Department of Health and Human Services Office for Civil Rights, the breach incident affected 105,309 individuals, including patients and employees, at the Omaha-based medical organization. In a "Notice of Data Security Incident" published on its website, the Boys Town National Research Hospital admitted that the organization became aware of an abnormal behavior regarding one of its employees' email account on May 23, 2018.