Hospital Sisters Health System has recently found out that an email security breach in August 2019 led to unauthorized people obtaining access to emails and email attachments that included the protected health information of 16,167 patients.
Hospital Sisters Health System is a 15-hospital health network serving patients in Illinois and Wisconsin. Between August 6, 2019 and August 9, 2019, unauthorized people obtained access to the email accounts of several staff members. Quick action was taken to secure the affected email accounts and a leading computer forensic firm was contracted to investigate the attack and determine whether the compromised accounts included patient information.
On December 2, 2019, Hospital Sisters Health System was advised that patient information had potentially been accessed by the attackers. The compromised email accounts were found to include patient names, birth dates, and a small amount of clinical information. Some patients also had their health insurance data, Social Security number, and/or driver’s license number exposed.
On January 31, 2020, Hospital Sisters Health System began mailing notification letters to all impacted patients. Individuals whose Social Security number or driver’s license number was exposed have been offered free membership to identity theft protection services and all patients have been advised to monitor their accounts and explanation of benefits statements closely and to report any suspicious activity to law enforcement agencies.
Hospital Sisters Health System will be updating its policies and procedures and will strengthen its email security defenses to prevent similar breaches from occurring in the future.