The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

13 Accounts Compromised in Roper St. Francis Healthcare Phishing Attack

A large-scale phishing attack on Charleston, SC-based Roper St. Francis Healthcare has seen attackers gain access to the email accounts of 13 employees.

The phishing attack was detected on November 30, 2018 and action was taken to block access to a corporate email account. The investigation into the breach revealed further email accounts had been compromised. The affected accounts were accessed by the attacker between November 15 and December 1, 2018.

A third-party computer forensics firm was hired to investigate the breach. The investigation revealed that some of the compromised accounts contained patient information, including names, medical record numbers, health insurance information, details about services received from Roper St. Francis Healthcare, and, for a limited number of patients, Social Security numbers and financial information.

All affected patients were notified by mail on January 25, 2019 and have been offered complimentary credit monitoring services. While PHI was potentially accessed, no reports have been received to suggest any PHI has been misused.


The HHS’ Office for Civil Rights breach portal indicates the compromised email accounts contained the personal and health information of 35,253 patients.

Minnesota Department of Human Services Phishing Attack Impacts 3,000 Minnesotans

Minnesota Department of Human Services Commissioner Tony Lourey has announced that the email account of a county worker has been compromised as a result of a response to a phishing email.

The account was accessed by the attacker in September 2018. The account was used to send further phishing emails to the employee’s contacts.

An analysis of the compromised account revealed it included information such as names, phone numbers, email addresses, dates of birth, and information about child protection services. In total, the personal information of approximately 3,000 individuals was potentially compromised. 30 individuals also had their Social Security number, driver’s license number and/or financial information exposed.

The phishing attack was detected the following day and remote access to the account was blocked. The delay in issuing notifications was due to the time taken to analyze the emails in the account.

Since the attack occurred, a new tool has been deployed to block phishing emails and employees have received additional training.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
