45,000 patients at Covenant HealthCare potentially exposed by data breach

Published: Feb. 25, 2021 at 8:03 PM EST
Email This Link
Share on Pinterest
Share on LinkedIn

SAGINAW, Mich. (WJRT) - Covenant HealthCare in Saginaw is working to notify 45,000 of its patients who may have been affected by a data breach.

The move comes after two employees email accounts were compromised in May 2020.

In a written statement, hospital officials say they aren’t aware of any reports of identity theft, fraud or improper use of any patient’s information after an extensive forensic audit was completed in December.

The hospital says the FBI discovered someone was attempting to sell login and password access to Covenant’s network on the dark web.

Two employees’ emails were compromised for less than one hour when the breach happened. Those email accounts contain personal information, including names, addresses, Social Security numbers and other sensitive information.

Patients who were potentially affected were sent a notice letter with specific steps to follow when contacting the hospital’s breach response hotline. After the breach happened, Covenant immediately tightened its network security by putting multifactor authentication in place, meaning several steps are now necessary to gain access to the network.

Covenant says they are continuing to monitor their network security to prevent any further breaches from happening.

This isn’t the first time Covenant HealthCare has dealt with a data breach. In September 2018, a software attack potentially exposed the personal information of some of the hospital’s patients.

Other providers, including the Health Alliance Plan and McLaren Health Care, were part of that same breach.

Copyright 2021 WJRT. All rights reserved.