HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Cyberattacks Reported by Schneck Medical Center and Epilepsy Foundation of Texas

Schneck Medical Center in Seymour, IN has announced it was a victim of a cyberattack which has had an impact on organizational operations.

The attack was detected on September 29, 2021 and an announcement was made the same day. In response to the attack, all IT systems within its facilities were suspended out of an abundance of caution, and third-party cybersecurity experts have been engaged to assist with the investigation and restore its IT system as quickly as possible. Schneck Medical Center said investigations into cyberattacks and the restoration of IT systems take time to fully resolve, but steps have been taken to minimize disruption to its systems.

Schneck Medical Center said most medical services have not been affected by the attack and patients should arrive as normal for scheduled services and appointments. Patients will be notified individually if for any reason their appointment has had to be postponed as a result of the attack.

“As a team of dedicated and caring medical professionals, we understand that healthcare is about people taking care of people. We remain committed to continuing to provide exceptional care to our communities and will provide additional updates as appropriate,” said Schneck Medical Center in its breach notification.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

At this stage it is unclear if patient information has been compromised. Further information will be released about the attack if the investigation confirms the attackers gained access to systems containing patient information.

PHI Potentially Compromised in Epilepsy Foundation of Texas Phishing Attack

The email account of an employee of Epilepsy Foundation of Texas has been accessed by an unauthorized individual who potentially viewed or obtained sensitive patient data. Epilepsy Foundation of Texas discovered the email account had been compromised on or around June 8, 2021 when the account was used to send fraudulent emails. The email account was immediately secured and an investigation was conducted to determine the nature and scope of the breach.

The investigation confirmed the account was breached when the employee responded to a phishing email. An analysis of the incident and review of the information in the email account was completed on September 2, 2021 and efforts were then made to obtain accurate address information for affected individuals to allow notifications to be sent. Notification letters started to be sent to affected individuals on October 1, 2021.

Epilepsy Foundation of Texas said the compromised email account contained first and last names, dates of birth, driver’s license numbers, health insurance information, financial account numbers, Social Security numbers, biometric data, payment card numbers, usernames and passwords, and medical information.

Following the attack, security protocols were reviewed and have now been enhanced. Epilepsy Foundation of Texas said it is unaware of any cases of attempted or actual misuse of patient data but has advised affected patients to exercise caution and monitor their accounts and explanation of benefits statements for signs of fraudulent activity.

The breach has been reported to the HHS’ Office for Civil Rights as affecting 2,824 individuals.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.