Texas health system attacked, data on more than 400K compromised

Share this article:

More than 400,000 patients and employees of St. Joseph Health System in Texas are being notified that their personal information – including Social Security numbers and, in some cases, bank account information – may have been accessed following an attack on the health system's computer system.

How many victims? More than 400,000 patients, employees and employee beneficiaries.  

What type of personal information? Names, addresses, dates of birth and Social Security numbers. For patients, medical records were accessible. For some employees, banking information was accessible.

What happened? Attackers gained unauthorized access to one server on the St. Joseph computer system, which contained the data.

What was the response? Upon learning of the breach, St. Joseph immediately shut down access to the compromised computer and hired national security and computer forensics experts to investigate. The FBI has been alerted and is looking into the incident. All impacted individuals are being notified, and are being offered one free year of identity protection services.

Details: Attackers gained unauthorized access to the computer server between Dec. 16, 2013, and Dec. 18, 2013. St. Joseph learned of the incident and shut down the compromised computer on Dec. 18, 2013.

Quote: “While it is possible that some information was accessed or taken, the forensics investigation has been unable to confirm this, which is why we are providing this notice,” Denise Goffney, corporate compliance officer and privacy officer with St. Joseph, wrote in the notification letter.

Source: st-joseph.org, “St. Joseph Health System – Notice of Data Security Incident,” Feb. 5, 2014.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

About 60K transactions possibly affected in Cape May-Lewes Ferry breach

The security of card processing systems relating to food, beverage and retail sales at the Cape May-Lewes Ferry was compromised and payment card data may be at risk.

Arkansas State University-Beebe is investigating a potential breach

Arkansas State University-Beebe is notifying students and employees of a service running on one of its servers that could pose a potential breach to the system.

Unencrypted discs missing, Arizona State Retirement System notifies 44,000

Arizona State Retirement System notifies nearly 44,000 individuals enrolled in dental plans that two unencrypted discs containing their personal information are missing.