HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Hospital Sisters Health System Email Breach Impacts 16,167 Patients

Hospital Sisters Health System has recently discovered an email security breach in August 2019 potentially resulted in unauthorized individuals gaining access to access emails and email attachments containing the protected health information of 16,167 patients.

Hospital Sisters Health System is a 15-hospital health system serving patients in Illinois and Wisconsin. Between August 6, 2019 and August 9, 2019, unauthorized individuals gained access to the email accounts of several employees. Prompt action was taken to secure the affected email accounts by changing passwords and a leading computer forensic firm was retained to investigate the breach and determine whether the compromised accounts contained patient information.

On December 2, 2019, Hospital Sisters Health System was informed that patient information had potentially been accessed by the attackers. The compromised email accounts were found to contain patient names, birth dates, and a limited amount of clinical information. Some patients also had their health insurance information, Social Security number, and/or driver’s license number exposed.

On January 31, 2020, Hospital Sisters Health System started mailing notification letters to all affected patients. Individuals whose Social Security number or driver’s license number was exposed have been offered complimentary membership to identity theft protection services and all individuals have been advised to monitor their accounts and explanation of benefits statements closely and to report any suspicious activity to law enforcement.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

Hospital Sisters Health System has already taken steps to improve email security to prevent similar breaches from occurring in the future.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.