25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Hill Country Memorial Hospital Discovers Email Account Compromise

Posted By on May 1, 2017

An unauthorized individual has gained access to an email account of an employee of Hill Country Memorial Hospital and sent a number of fraudulent invoices, but potentially also accessed the protected heath information of certain patients.

The Fredericksburg, TX hospital discovered the email account of an emergency room employee had been accessed on February 21, 2017. The attack is believed to have been conducted solely for the purpose of sending fraudulent invoices to the hospital’s accounts payable department. However, the email account contained a range of ePHI which could potentially have been accessed and stolen by the attacker.

The investigation into the security breach did not reveal whether any emails had been accessed, and if the ePHI of patients had been viewed or copied, but the possibility could not be ruled out. The email account contained patients’ names, addresses, ID numbers, dates of birth, prescription and treatment information, medical diagnoses, procedure information and Social Security Numbers.

In is unclear at this stage how the criminal gained access to the email account, although steps have now been taken to secure the account to ensure further unauthorized access is not possible. A password reset has also been performed on all email accounts and logins have been changed as a precaution against further attacks. The hospital is also evaluating further measures that can be implemented to strengthen security. The hospital has notified law enforcement about the breach and the investigation into the incident is continuing. It is unclear whether any of the fraudulent invoices sent from the breached account resulted in payments being made.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The incident has been reported to the Department of Health and Human Services’ Office for Civil Rights. The breach report indicates 8,449 patients have been impacted by the incident.

Jayne Pope, Chief Executive Officer of Hill Country Memorial Hospital has apologized to patients for the inconvenience caused to patients and has confirmed that the hospital takes patient privacy very seriously. Out of an abundance of caution, all patients impacted by the incident have been offered credit monitoring and identity theft protection services for 12 months without charge.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Prevent HIPAA Email Violations

Avoid the common misunderstandings and implementation errors relating to HIPAA email.

Learn more