Hospital Sisters Health System has recently found out that an email security breach in August 2019 may have lead to unauthorized people obtaining access to access emails and email attachments including the protected health information of 16,167 patients.
Hospital Sisters Health System is a 15-hospital health network serving patients in Illinois and Wisconsin. Between August 6, 2019 and August 9, 2019, unauthorized people obtained access to the email accounts of several staff members. Quick action was implemented to secure the affected email accounts by changing passwords and a leading computer forensic firm was contracted to examine the breach and determine whether the compromised accounts included patient information.
On December 2, 2019, Hospital Sisters Health System was advised that patient information had potentially been accessed by the cyber criminals. The compromised email accounts were found to include patient names, birth dates, and a small amount of clinical information. Some patients also had their health insurance idata, Social Security number, and/or driver’s license number exposed.
On January 31, 2020, Hospital Sisters Health System began mailing notification letters to all impacted patients. Individuals whose Social Security number or driver’s license number was exposed have been offered free membership to identity theft protection services and all people have been advised to monitor their accounts and explanation of benefits statements closely and to report any suspicious activity to law enforcement agencies.
Hospital Sisters Health System has to implement a policy aimed at bolstering email security to prevent similar breaches from occurring again.