Healthcare Staffing Report: Nov. 11, 2021

Print

Maxim Healthcare Group announces data breach

November 8, 2021

Maxim Healthcare Group — which includes Maxim Healthcare Staffing — last week announced a data breach involving a limited amount of personal and/or medical information. The Columbia, Maryland-based firm said it’s not aware any individual information has been misused but said it has released notice out of an abundance of caution.

“Maxim Healthcare takes the security of personal information very seriously,” according to a company statement. “Since discovering this incident, Maxim Healthcare completed an extensive investigation, working with third-party specialists to assess the security of relevant systems and reduce the likelihood of a similar future event.”

As part of its response, Maxim added addition security protocols such as multi-factor authentication for all email accounts. It also transitioned to a new security operations center with advanced detection and response capabilities.

The company said it first noticed unusual activity related to several employees’ email accounts in December 2020. A preliminary investigation found a limited number of those email accounts were accessed without authorization between Oct. 1, 2020, and Dec. 4, 2020.

That initial investigation was unable to determine exactly which email messages or attachments were accessed or viewed without authorization. Maxim then conducted a detailed programmatic and manual review of the contents of the email accounts. It received the first results on Aug. 24. Work on contacting affected individuals was completed on Sept. 21.

Types of information that may have been accessible to an unauthorized actor include name, address, date of birth, contact information, medical history, medical condition or treatment information, medical record number, diagnosis code, patient account number, Medicare/Medicaid number and username/password. For a limited number of people, Social Security numbers may have been accessible.

It encouraged individuals to review their account statements for suspicious activity and is offering complimentary credit monitoring where required.

Related