DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

And then there were three (Ascension Health entities breached)

Posted on April 27, 2015 by Dissent

Now can I say, “I told you so?”

When Ascension Health wouldn’t answer my question as to whether there were other members who had also had a phishing incident recently other than the two hospitals I had already reported on, I was even more suspicious.

Then this afternoon, I discovered that St. Agnes Health Care, Inc. in Maryland notified HHS of a breach of a “hacking/IT incident” involving PHI located in email.  The breach affected 24,967.

So I searched their site, and sure enough, they, too are part of Ascension Health, and they, too have what has become Ascension’s standard notice for this incident on their web site (although you won’t spot it from the home page):

Saint Agnes Health Care, Inc.  (“Saint Agnes”) recently sent letters to approximately 25,000 individuals informing them of an email phishing incident which targeted the e-mail accounts of its employees.  Through a fraudulent e-mail communication, sophisticated hackers gained access to protected health information contained in an employee e-mail account.  The incident resulted in certain patient protected information being compromised, which included one or more of the following items: name, date of birth, gender, medical record number, insurance information, limited clinical information and, in four cases, social security numbers.

The user name and password for the e-mail account was immediately shut down and Saint Agnes launched a thorough investigation into the matter.  Saint Agnes engaged computer forensics experts who were able to conduct an analysis of what information was included in the affected e-mail account.  The analysis involved manual and electronic review of the information to determine the scope of the incident and identify all individuals affected.

“We value the privacy and security of patient protected information and we are committed to protecting the confidentiality and privacy of our patients and employees,” said Sharon McNamara Corporate Responsibility Officer at Saint Agnes Healthcare, Inc. “It is our priority to support those who have been affected.”

“We are taking the necessary and appropriate steps to prevent this type of incident from occurring in the future,” McNamara said. “Specifically, we will continue to implement administrative, technical and physical safeguards against unauthorized access of protected health information.  In this instance, we reported the incident to our e-mail service provider and are evaluating additional ways to enhance our already robust security program.”

Concerned individuals may wish to obtain a free credit report from each of the credit reporting bureaus – Equifax, Experian and TransUnion. The credit bureaus’ information is below:

Equifax                       800-525-6285              www.equifax.com

Experian                      888-397-3742              www.experian.com

TransUnion                 800-680-7289          www.transunion.com

Identity monitoring and protection services will be offered free of charge as appropriate for individuals whose social security number has been compromised by this incident.  Affected individuals may call 1- 866-870-0474, Monday through Friday, 9 a.m. to 7 p.m. EST with questions.

Unlike St. Vincent’s and Seton Family’s notifications, however, this one doesn’t indicate when they discovered the breach. Anyone care to bet it was the first week of December?

 

 

No related posts.

Category: Health DataMalware

Post navigation

← MASSIVE FAIL: Indian gov DOXXES net neutrality campaigners; Gets DDoSed by @opindia_revenge in response.
And then there were four five (Ascension Health entities breached) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked
  • Hunters International to provide free decryptors for all victims as they shut down (2)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t
  • Oregon Amends Its Comprehensive Privacy Statute

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.