THREE RIVERS, Mich. — Patients were warned to monitor their credit scores after a hospital data breach.
CPS Solutions, which helps support pharmacy operations, provided notice that Three Rivers Hospital patient information was compromised in Dec. 2024, potentially affecting some people in the state of Michigan.
This is just one of hundreds of medical information data breaches that happened in 2024, according to the Department of Health and Human Services, affecting more than 180 million people.
“Cyber security is everyday, you cannot have a weak moment,” Vijay Bhuse, associate professor for the College of Computing at Grand Valley State University, said.
CPS Solutions became aware of unauthorized third party access to an employee’s business email account on Dec. 4 of last year, according to a release.
An investigation showed data from the account was accessed and removed, potentially including things like full name, date of birth, health insurance information, and/or medical information, such as details on a person’s treatment or prescription needs.
The company did note, however, that social security numbers, driver’s license numbers, credit and debit card information and hospital medical records were not accessed in the breach.
“Somebody could be accessing your system from very far away,” said Bhuse. “They could be on the other side of the world.”
The company went on to say in the release that they regret the incident and any concern it may have caused.
With more than 700 data breaches affecting medical information in the past year alone, hospitals are a common target for cyber attacks.
It’s the sensitivity of information that makes healthcare facilities so vulnerable to attacks.
“So in this case, the best thing to do would be to educate your employees,” said Bhuse. “Make them aware of threats related to email, including phishing and spam.”
In addition, Bhuse said to use multi-factor authentication, spam filters and avoid clicking any external links.
“Clicking on the link is equivalent to opening a door for an attacker,” said Bhuse.
For an extra layer of security, Bhuse recommends that hospitals or any organizations that worry about cybersecurity should be auditing their system and testing security solutions, always keeping cybersecurity on their radar.
“It’s been growing and it’s not going to go away any time soon because we’re doing more and more things online,” said Bhuse. “Awareness and training is the first step.”
Following the data breach, CPS Solutions is offering affected residents two years of free credit monitoring and identity protection services.
link