25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

3,400 Patients of Children’s Hospital Colorado Potentially Impacted by Email Hack

Posted By on Sep 11, 2017

Almost 3,400 patients of Children’s Hospital Colorado are being notified that some of their protected health information has potentially been accessed by an unauthorized individual who gained access to the email account of a staffer.

The incident was discovered by the Aurora, CO hospital on July 11, 2017, prompting a full investigation to determine the scale and scope of the breach. A third-party computer forensics firm was hired to assist with the investigation to help identify how access to the email account was gained, whether any other systems had been compromised, and to identify any actions taken by the attacker.

An analysis of data in the email account showed a limited amount of PHI was potentially compromised, including names, addresses, dates of birth, telephone numbers, medical diagnoses, treatment information, and other clinical information. No financial information, insurance details, Social Security numbers, or other highly sensitive data were exposed.

The investigation confirmed the breach was limited to a single email account and its EHR was not affected. While access to the email account was possible, the investigation uncovered no evidence to suggest any emails were accessed no that any PHI was viewed. Children’s Hospital Colorado also said no reports have been received to suggest any information has been misused in any way.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Children’s Hospital Colorado said, “Protecting the security and confidentiality of patient personal and medical information is of the utmost importance.” To prevent future incidents of this nature from occurring, existing safeguards have been enhanced and a review of its systems is underway to identify any additional controls that can be implemented to further protect patient health information.

Notifications were sent to all affected individuals by mail on Friday and the incident has been reported to appropriate authorities, including the Department of Health and Human Services’ Office for Civil Rights.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist