DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

And then there were three (Ascension Health entities breached)

Posted on April 27, 2015 by Dissent

Now can I say, “I told you so?”

When Ascension Health wouldn’t answer my question as to whether there were other members who had also had a phishing incident recently other than the two hospitals I had already reported on, I was even more suspicious.

Then this afternoon, I discovered that St. Agnes Health Care, Inc. in Maryland notified HHS of a breach of a “hacking/IT incident” involving PHI located in email.  The breach affected 24,967.

So I searched their site, and sure enough, they, too are part of Ascension Health, and they, too have what has become Ascension’s standard notice for this incident on their web site (although you won’t spot it from the home page):

Saint Agnes Health Care, Inc.  (“Saint Agnes”) recently sent letters to approximately 25,000 individuals informing them of an email phishing incident which targeted the e-mail accounts of its employees.  Through a fraudulent e-mail communication, sophisticated hackers gained access to protected health information contained in an employee e-mail account.  The incident resulted in certain patient protected information being compromised, which included one or more of the following items: name, date of birth, gender, medical record number, insurance information, limited clinical information and, in four cases, social security numbers.

The user name and password for the e-mail account was immediately shut down and Saint Agnes launched a thorough investigation into the matter.  Saint Agnes engaged computer forensics experts who were able to conduct an analysis of what information was included in the affected e-mail account.  The analysis involved manual and electronic review of the information to determine the scope of the incident and identify all individuals affected.

“We value the privacy and security of patient protected information and we are committed to protecting the confidentiality and privacy of our patients and employees,” said Sharon McNamara Corporate Responsibility Officer at Saint Agnes Healthcare, Inc. “It is our priority to support those who have been affected.”

“We are taking the necessary and appropriate steps to prevent this type of incident from occurring in the future,” McNamara said. “Specifically, we will continue to implement administrative, technical and physical safeguards against unauthorized access of protected health information.  In this instance, we reported the incident to our e-mail service provider and are evaluating additional ways to enhance our already robust security program.”

Concerned individuals may wish to obtain a free credit report from each of the credit reporting bureaus – Equifax, Experian and TransUnion. The credit bureaus’ information is below:

Equifax                       800-525-6285              www.equifax.com

Experian                      888-397-3742              www.experian.com

TransUnion                 800-680-7289          www.transunion.com

Identity monitoring and protection services will be offered free of charge as appropriate for individuals whose social security number has been compromised by this incident.  Affected individuals may call 1- 866-870-0474, Monday through Friday, 9 a.m. to 7 p.m. EST with questions.

Unlike St. Vincent’s and Seton Family’s notifications, however, this one doesn’t indicate when they discovered the breach. Anyone care to bet it was the first week of December?

 

 


Related:

  • Missouri Adopts New Data Breach Notice Law
  • Qantas obtains injunction to prevent hacked data’s release
  • Ransomware attack disrupts Korea's largest guarantee insurer
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • Global operation targets NoName057(16) pro-Russian cybercrime network in Operation Eastwood
  • More than 100 British government personnel exposed by Ministry of Defence data leak
Category: Health DataMalware

Post navigation

← MASSIVE FAIL: Indian gov DOXXES net neutrality campaigners; Gets DDoSed by @opindia_revenge in response.
And then there were four five (Ascension Health entities breached) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Missouri Adopts New Data Breach Notice Law
  • Qantas obtains injunction to prevent hacked data’s release
  • Ransomware attack disrupts Korea’s largest guarantee insurer
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • Global operation targets NoName057(16) pro-Russian cybercrime network in Operation Eastwood
  • More than 100 British government personnel exposed by Ministry of Defence data leak
  • New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers
  • North Country Healthcare responds to Stormous’s claims of a breach
  • Gladney Adoption Center had serious data exposures in the past few months. What will they do to prevent more?
  • Former U.S. Soldier Pleads Guilty to Hacking and Extortion Scheme Involving Telecommunications Companies

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Meta investors, Zuckerberg reach settlement to end $8 billion trial over Facebook privacy violations
  • ICE is gaining access to trove of Medicaid records, adding new peril for immigrants
  • Microsoft can’t protect French data from US government access
  • Texas Enacts Electronic Health Record Data Localization Law
  • Upstate NY county clerk again refuses to enforce Texas abortion judgment
  • Attorney General James Leads Coalition Urging Congress to Protect Americans from Masked ICE Agents
  • Attorney General Tong Announces $85,000 Settlement with TicketNetwork for Violations of the Connecticut Data Privacy Act​

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.