Hospital Sisters Health System Email Breach Impacts 16,167 Patients

Share this article on:

Hospital Sisters Health System has recently discovered an email security breach in August 2019 potentially resulted in unauthorized individuals gaining access to access emails and email attachments containing the protected health information of 16,167 patients.

Hospital Sisters Health System is a 15-hospital health system serving patients in Illinois and Wisconsin. Between August 6, 2019 and August 9, 2019, unauthorized individuals gained access to the email accounts of several employees. Prompt action was taken to secure the affected email accounts by changing passwords and a leading computer forensic firm was retained to investigate the breach and determine whether the compromised accounts contained patient information.

On December 2, 2019, Hospital Sisters Health System was informed that patient information had potentially been accessed by the attackers. The compromised email accounts were found to contain patient names, birth dates, and a limited amount of clinical information. Some patients also had their health insurance information, Social Security number, and/or driver’s license number exposed.

On January 31, 2020, Hospital Sisters Health System started mailing notification letters to all affected patients. Individuals whose Social Security number or driver’s license number was exposed have been offered complimentary membership to identity theft protection services and all individuals have been advised to monitor their accounts and explanation of benefits statements closely and to report any suspicious activity to law enforcement.

Hospital Sisters Health System has already taken steps to improve email security to prevent similar breaches from occurring in the future.

Author: HIPAA Journal

Share This Post On