HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

21,400 Patients Impacted by St. Croix Hospice Phishing Attack

St. Croix Hospice, a provider of hospice care throughout the Midwest, has discovered an unauthorized individual gained access to the email account of an employee and potentially viewed patient information.

The breach was detected on May 10, 2019 when suspicious email activity was detected in the account. A third-party computer forensics firm was hired to assist with the investigation and discovered several employees’ email accounts were compromised between April 23, 2019 and May 11, 2019.

It was not possible to determine whether any patient information had been accessed or copied, but the forensics firm did confirm that the accounts had been subjected to unauthorised access.

An extensive systemic review of the compromised email accounts was conducted to identify which patients had had their protected health information exposed. On June 21, 2019, it was confirmed that protected health information had been exposed. The review has now been completed and patients are being notified that their name, address, financial information, Social Security number, health insurance information, medical history, and treatment information may have been compromised.

All affected patients have been offered complimentary credit monitoring and identity theft protection services.

The breach report submitted to the Department of Health and Human Services’ Office for Civil Rights shows 21,407 patients were impacted by the breach.

Hunt Regional Healthcare Victim of Cyberattack

Greenville, TX-based Hunt Regional Healthcare has announced it experienced a cyberattack on May 14, 2019 in which hackers gained access to its computer network and the protected health information of certain patients.

The attackers potentially accessed files containing patient names, telephone numbers, dates of birth, Social Security numbers, race, and religious preferences. The incident has been reported to the FBI and Hunt Regional Healthcare is assisting in the investigation.

Hunt Regional Healthcare has said no evidence of unauthorized data access or data theft have been discovered, but patients are being notified as a precaution and are being offered free access to IDExperts credit monitoring and identity theft protection services.

3,700 patients have been impacted by the breach.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.