DataBreaches.Net


NY: St. John’s Episcopal Hospital/ Episcopal Health Services notifies patients after employee email accounts were hacked

Posted on November 16, 2018 by Dissent

From Episcopal Health Services:

Episcopal Health Services recently discovered an incident that may affect the security of personal information of certain current and former patients. We take this incident very seriously and the confidentiality, privacy, and security of our information is one of our highest priorities.

What Happened? On September 18, 2018 Episcopal Health Services became aware of suspicious activity in employee email accounts. We immediately began an investigation to determine what happened and what information may have been affected. With the assistance of third party forensic investigators, we determined that certain employee email accounts were subject to unauthorized access between August 28, 2018 and October 5, 2018. These email accounts were then reviewed to determine whether they contained any protected health or personal information. On November 1, 2018, Episcopal Health Services determined that the accounts subject to unauthorized access contained protected health information of certain individuals. The types of information contained within the potentially impacted emails are: Social Security number, date of birth, financial account information, medical history information, prescription information, medical record number, treatment or diagnosis information, and health insurance information or policy number. The types of information varied by individual.

Episcopal Health Services is not aware of any reported attempted or actual misuse of any personal information as a result of this event.

What is Episcopal Health Services doing in response to this incident? Episcopal Health Services is committed to, and takes very seriously, its responsibility to protect all data entrusted to us. We are continuously taking steps to enhance data security protections. As part of our incident response, we changed the log-in credentials for all employee email accounts to prevent further unauthorized access. Since then, we have continued ongoing efforts to enhance security controls and to implement additional controls to help protect employee email accounts from unauthorized access. In an abundance of caution, we are also notifying and offering 12 months of complimentary credit monitoring to potentially affected individuals so that they may take further steps to best protect their personal information, should they feel it is appropriate to do so. We are also notifying any required federal and state regulators.

What should I do in response to this incident? Episcopal Health Services encourages you to remain vigilant against incidents of identity theft and fraud. You should review your account statements or your loved ones’ account statements for suspicious activity. If you see any unauthorized charges, promptly contact the bank or credit card company. We also recommend reviewing your credit report for inquiries from companies that you have not contacted, accounts you did not open and debts on your accounts that you cannot explain.

What can I do to protect my information?

Monitor Your Accounts.

Credit Reports. Episcopal Health Services encourages potentially impacted individuals to remain vigilant against incidents of identity theft and fraud, to review account statements, and to monitor their credit reports and explanation of benefits forms for suspicious activity. Under U.S. law, you are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of your credit report.

Security Freeze. You have the right to place a “security freeze” on your credit report, which will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report. Should you wish to place a security freeze, please contact the major consumer reporting agencies listed below:

[…]

Questions regarding the incident should be directed to 1-866-775-4209, Monday through Friday from 9:00 a.m. to 6:00 p.m. Eastern Time.

Read the full notification on EHS.org. The number of patients affected was not disclosed, but perhaps it will show up on HHS’s breach tool.

Category: Hack, Health Data, U.S.

© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.