25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Up to 32,000 Patients Impacted by Elizabethtown Community Hospital Email Account Breach

Posted By on Dec 18, 2018

Approximately 32,000 patients of the University of Vermont Health Network’s Elizabethtown Community Hospital are being notified that some of their protected health information (PHI) has been exposed as a result of email account breach.

On October 18, 2018, Elizabethtown Community Hospital discovered an unauthorized individual had gained access to an employee’s email account. The password for the compromised email account was immediately changed and a leading forensic security firm was retained to conduct an investigation into the breach. The investigation, which lasted 60 days, confirmed that a single email account was compromised on October 9, 2018.

The hospital’s information technology systems were not accessed and medical records remained secure at all times. An analysis of the breached email account revealed it contained the PHI of around 32,000 patients. The types of information that were exposed differed from patient to patient and may have included names, addresses, dates of birth, primary information such as medical record numbers, dates of service, summaries of services provided, and limited medical information. The Social Security numbers of 1,200 patients were also exposed.

During the nine days that the account was accessible it is possible that the PHI of patients was viewed or copied, although no evidence of data theft was found. Elizabethtown Community Hospital is unaware of any misuse of patient information.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Elizabethtown Community Hospital decided to notify 32,000 patients out of an abundance of caution. The investigation is ongoing, and the breach may be found to have affected fewer patients. Free credit monitoring and identity theft protection services have been offered to all patients whose social security number was exposed.

Elizabethtown Community Hospital has now enhanced the security of its email system and further training has been provided to employees in relation to protecting patient information.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Prevent HIPAA Email Violations

Avoid the common misunderstandings and implementation errors relating to HIPAA email.

Learn more