Ohio business associate experiences email hack, exposes PHI of 30,000 individuals

The Ohio-based company Management and Services Network (MNS) recently notified 30,132 patients that their protected health information (PHI) was potentially compromised during security incidents that occurred between April and July 2019.

MNS acts as a business associate (BA), providing administrative support to post-acute care providers.

According to a press release posted by MNS, the company became aware on August 21, 2019 that the email accounts of five employees may have been accessed without authorization between April and July of that year. These accounts were believed to contain PHI.

On March 5, 2020, MNS provided notification to the post-acute care providers whose patients may have been impacted. On May 4, MNS provided notification to individuals who had not received notification from their providers.

The notification letters sent to individuals included recommended steps that individuals can take to protect their information, as well as the phone number to a toll-free call center established by MNS to field inquiries relating to the incident.

MNS said it has strengthened password policies throughout the organization and is working to expand the use of multi-factor authentication to all employees.