DataBreaches.net has noted some reports this week involving an unnamed business associate that discovered a phishing attack in January of this year. The most recent disclosure was spotted on the website of South Texas Health System for its South Texas Health System – Edinburg facility. The May notice can be read at and reads, in part:
The investigation found that the user’s email account was only accessed through a web browser, and while certain emails may have been accessed by the unauthorized person, there is currently no evidence that suggests any PHI in the emails were the target of the attack or otherwise copied or misused in any way.
The notice does not indicate how many of their patients were impacted, but earlier this week, hospital management firm UHS of Delaware reported a breach to both the Texas Attorney General’s Office and the Montana Attorney General’s Office. Both the Texas website notice and the Montana notice, which is a template, state that the patient information potentially affected by the incident typically included full name, patient account and/or medical record number, admission and/or discharge date, status of diagnosis and/or discharge, and in some instances, associated billing amounts.
UHS Delaware’s report to Texas is not uploaded to the state’s site, but the state does post the number of Texans affected. UHS Delaware reported that 130,000 Texans were impacted. Whether that number represents patients at a number of Texas hospitals or is just from one Texas hospital is not yet clear.
There may be more disclosures related to this incident, so come back to see any updates.