25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Evansville Medical Center Hack Exposes HIPAA Data of 4,400

Posted By on Mar 7, 2015

Hackers have gained access to the E-mail accounts of a number of employees of the St. Mary’s Medical Center in Evansville, Indiana, resulting in the PHI of approximately 4,400 patients potentially being exposed.

A spokesman for St. Mary’s Medical Center, Randy Capehart, issued a statement announcing the HIPAA breach to the press. In the statement he explained the nature of the attack and the data that was potentially exposed.

The E-mail accounts accessed by the hackers contained Protected Health Information together with personal identifiers and some Social Security numbers. Although the data exposed varied from individual to individual, the information mostly contained names, gender, dates of birth, health and insurance information.

The attack occurred in January and all patients affected by the breach are being notified by mail. They have been offered a year of credit and identity protection services if they had their Social Security numbers exposed. All other individuals will be entitled to obtain a free credit report from each of Equifax, TransUnion and Experian.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The breach was identified rapidly and access to the E-mail accounts was shut down promptly, limiting the opportunity for thieves to access PHI, although it is not clear at this stage how quickly access was stopped and whether thieves were able to download information.

Even though the issue was rapidly identified, it took some time for the hospital to determine if any data had in fact been compromised in the incident.

During the investigation it determined that the cyber attack was of a “sophisticated” nature, and that hackers had gained access to the accounts via “fraudulent E-mail communications.”

A forensic investigation is continuing in an attempt to determine whether data was accessed or copied and efforts are being made to determine the identity of the hackers so they can be brought to justice. To date no one has reported any identity or medical theft according to St. Mary’s, although crimes of this nature do not tend to take place immediately, and when they do it can take some time for the fraud to be discovered.

The hospital has set up a helpline – 1-877-643-2062 – for anyone seeking more information about the data breach.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist