The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Multiple Rutland Regional Medical Center Email Accounts Hacked

Posted By on Feb 25, 2019

Rutland Regional Medical Center in Rutland City, the largest community hospital in the state of Vermont, has discovered hackers have gained access to the email accounts of nine employees and potentially viewed/obtained patients’ protected health information.

On December 21, 2018, an employee of the medical center noticed that their email account had been used to send large quantities of spam emails and on December 28, 2018, a potential security breach was reported to the medical center’s IT department. The IT department determined, on December 31, that the employee’s email account had been remotely accessed by an unauthorized individual.

The account was immediately secured and a third-party forensic expert was called in to conduct an investigation into the breach. While the investigation into the breach is ongoing, the forensics expert concluded on February 6, 2019, that nine email accounts had been compromised between November 2, 2018 and February 6, 2019.

The types of sensitive information in the compromised email accounts included patients’ full names, dates of birth, contact information, patient ID numbers, medical record numbers, financial information, diagnoses, treatment information, Social Security numbers, and health insurance data. The breach was limited to email accounts. The EMR system and other internal systems were unaffected by the breach.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Rutland Regional Medical Center will be sending notification letters to patients whose PHI may have been accessed in due course.

Additional safeguards and security measures will be implemented to further secure patients’ protected health information and improve email security to help prevent further breaches of this nature.

The breach has been reported to the Department for Health and Human Services’ Office for Civil Rights. The breach portal indicates 72,224 patients have been affected by the breach.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist