Maxim Healthcare Group based in Columbia, MD has begun informing 65,267 people concerning a historic breach of its email system and the compromise of their protected health information (PHI).
Maxim Healthcare Group, which consists of Maxim Healthcare Staffing and Maxim Healthcare Services, stated it detected suspicious activity in its email system approximately December 4, 2020. It took steps to stop further unauthorized access and started an investigation to find out the nature and extent of the breach.
The investigation showed that unauthorized people got access to a number of employee email accounts from October 1, 2020, to December 4, 2020. A thorough evaluation of those accounts showed they included a variety of PHI that was possibly viewed and exfiltrated. According to the forensic investigation, the group was unable to know which email messages, if any, had been viewed and exfiltrated.
Maxim Healthcare mentioned a manual and programmatic evaluation was performed of the contents of email messages and file attachments, which affirmed the likely compromise of the following information: names, addresses, birth dates, contact details, medical record numbers, patient account numbers, medical backgrounds, health conditions, treatment details, diagnosis codes, Medicaid/Medicare numbers, usernames/passwords, and a number of Social Security numbers.
Maxim Healthcare stated it acquired the preliminary results of the content evaluation on August 24, 2021, after that had to identify updated contact details for the affected people. That procedure was concluded on September 21, 2021. The issuance of notifications to the impacted persons only began on November 4, 2021, which is 13 months after the compromise of the first email accounts and 11 months after the discovery of the breach.
Maxim Healthcare mentioned it is giving free credit monitoring services to impacted persons and took steps to enhance security. Maxim Healthcare stated it quickly implemented more security procedures, such as multi-factor authentication implemented on all email accounts, change to a new Security Operations Center with sophisticated recognition and response abilities, and will continually incorporate extra cybersecurity infrastructure and security actions as needed.