The Facial Pain Center Email Account Breach
The Facial Pain Center based in Minnesota has reported that an unauthorized person accessed some email accounts of employees in January 2024, compromising the protected health information (PHI) of 1,894 people. The breach was detected on January 23, 2024, when suspicious activity was identified in some staff accounts. The Facial Pain Center took immediate measures to block further unauthorized access and started an investigation to evaluate the extent and consequence of the incident. To assist with the investigation, the Center engaged a third-party cybersecurity company. The investigation confirmed that the attacker had access to emails and correlated file shares, but…