Max Roll reports:
Around 4,400 people were recently sent letters by St. Mary’s Medical Center informing them of a cyber attack on several hospital employees’ email accounts that happened in January, according to Randy Capehart, St. Mary’s spokesperson.
Hackers gained access to health information contained in the emails, according to Capehart. Patient information was compromised, including name, date of birth, gender, date of service, insurance information, health information and Social Security numbers in some cases. Capehart said St. Mary’s immediately shut down the email accounts
“It’s not clear if their information was shared because the shutdown was so quick,” Capehart said.
Read more on Evansville Courier & Press.
A substitute notice on the medical center’s web site, linked from their home page, reads:
Substitute Notice – Hacking Attack Incident
03/05/2015The privacy and security of patient information is of utmost importance to St. Mary’s Health (“St. Mary’s”), and it has implemented significant security measures to protect such information. Regrettably, despite St. Mary’s efforts to safeguard patient information, a hacking attack has affected St. Mary’s patients and employees.
On December 3, 2014, St. Mary’s learned that several employees’ user names and passwords had been compromised as a result of an e-mail hacking attempt. It immediately shut down the user names and passwords and launched an investigation into the matter. After careful review, St. Mary’s learned on January 8, 2015, that employee e-mail accounts subject to the hacking attempt contained some personal information for approximately 4,400 individuals.
The personal health information in the e-mail account included patient name, date of birth, gender, date of service, insurance information, limited health information and, in some cases, social security numbers. The hackers did not gain access to individual medical records or billing records.
Please be assured that St. Mary’s is taking steps to mitigate this incident by notifying affected individuals via letter, posting this substitute notice and providing notice to prominent media outlets in the area. Identity protection and monitoring services will be offered free of charge as appropriate for affected individuals. Additionally, St. Mary’s is working with its e-mail service provider to evaluate ways to enhance its already robust security program. St. Mary’s will also provide additional education to employees regarding e-mail hacking attacks.
In addition to the steps that St. Mary’s has taken, affected individuals may wish to obtain a free credit report from each of the credit reporting bureaus – Equifax, Experian and TransUnion. The credit bureaus’ information is below:
Equifax 800-525-6285 www.equifax.com
Experian 888-397-3742 www.experian.com
TransUnion 800-680-7289 www.transunion.com
St. Mary’s sincerely apologizes for any inconvenience this unfortunate incident may cause and assures all of its patients and employees that St. Mary’s is taking appropriate measures to avoid an incident of this nature happening in the future.
Should you have any questions regarding this matter, please contact the following toll-free number: 1-877-643-2062.