DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

And then there were three (Ascension Health entities breached)

Posted on April 27, 2015 by Dissent

Now can I say, “I told you so?”

When Ascension Health wouldn’t answer my question as to whether there were other members who had also had a phishing incident recently other than the two hospitals I had already reported on, I was even more suspicious.

Then this afternoon, I discovered that St. Agnes Health Care, Inc. in Maryland notified HHS of a breach of a “hacking/IT incident” involving PHI located in email.  The breach affected 24,967.

So I searched their site, and sure enough, they, too are part of Ascension Health, and they, too have what has become Ascension’s standard notice for this incident on their web site (although you won’t spot it from the home page):

Saint Agnes Health Care, Inc.  (“Saint Agnes”) recently sent letters to approximately 25,000 individuals informing them of an email phishing incident which targeted the e-mail accounts of its employees.  Through a fraudulent e-mail communication, sophisticated hackers gained access to protected health information contained in an employee e-mail account.  The incident resulted in certain patient protected information being compromised, which included one or more of the following items: name, date of birth, gender, medical record number, insurance information, limited clinical information and, in four cases, social security numbers.

The user name and password for the e-mail account was immediately shut down and Saint Agnes launched a thorough investigation into the matter.  Saint Agnes engaged computer forensics experts who were able to conduct an analysis of what information was included in the affected e-mail account.  The analysis involved manual and electronic review of the information to determine the scope of the incident and identify all individuals affected.

“We value the privacy and security of patient protected information and we are committed to protecting the confidentiality and privacy of our patients and employees,” said Sharon McNamara Corporate Responsibility Officer at Saint Agnes Healthcare, Inc. “It is our priority to support those who have been affected.”

“We are taking the necessary and appropriate steps to prevent this type of incident from occurring in the future,” McNamara said. “Specifically, we will continue to implement administrative, technical and physical safeguards against unauthorized access of protected health information.  In this instance, we reported the incident to our e-mail service provider and are evaluating additional ways to enhance our already robust security program.”

Concerned individuals may wish to obtain a free credit report from each of the credit reporting bureaus – Equifax, Experian and TransUnion. The credit bureaus’ information is below:

Equifax                       800-525-6285              www.equifax.com

Experian                      888-397-3742              www.experian.com

TransUnion                 800-680-7289          www.transunion.com

Identity monitoring and protection services will be offered free of charge as appropriate for individuals whose social security number has been compromised by this incident.  Affected individuals may call 1- 866-870-0474, Monday through Friday, 9 a.m. to 7 p.m. EST with questions.

Unlike St. Vincent’s and Seton Family’s notifications, however, this one doesn’t indicate when they discovered the breach. Anyone care to bet it was the first week of December?

 

 

Category: Health DataMalware

Post navigation

← MASSIVE FAIL: Indian gov DOXXES net neutrality campaigners; Gets DDoSed by @opindia_revenge in response.
And then there were four five (Ascension Health entities breached) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report