An unauthorized actor briefly accessed an employee’s email account, prompting a months-long review that confirmed the exposure of protected health information.
Onsite Mammography has disclosed a data security incident involving unauthorized access to one employee’s email account, which resulted in the exposure of certain protected health information.
On Oct 4, 2024, Onsite Mammography discovered unusual activity associated with the employee’s email account. Onsite enlisted independent cybersecurity experts to conduct an investigation to determine what happened and whether sensitive information may have been impacted.
According to the investigation, an unauthorized actor gained access to the individual’s email account for a brief period. The investigation further revealed that the unauthorized actor only had access to the email account and did not have access to any other systems within the Onsite network. Onsite engaged the services of an outside data analytics vendor that conducted a review of the impacted files to determine whether any protected health information was involved. The review concluded on Feb21, 2025, and revealed that the compromised information included specific health-related information about patients.
In response to this incident, Onsite Mammography implemented additional security measures to further minimize the risk of a similar incident occurring in the future. Onsite also notified law enforcement and is reviewing its policies and procedures related to data protection. Onsite Mammography states in a release that it “has no reason to believe any information has been or will be misused as a result of this incident.”
Individuals are encouraged to remain vigilant against incidents of identity theft and fraud by reviewing credit reports/account statements and explanation of benefits forms for suspicious activity and to detect errors.
ID 312291642 © Aoo3771 | Dreamstime.com
