Maryland-based Saint Agnes Health Care is notifying approximately 25,000 individuals that their personal information was compromised by attackers who used a phishing email to gain access to an employee's email account, which contained the data.
How many victims? Approximately 25,000.
What type of personal information? Names, dates of birth, genders, medical record numbers, insurance information, limited clinical information and – in four cases – Social Security numbers.
What happened? The personal information was compromised by attackers who used a phishing email to gain access to a Saint Agnes employee's email account, which contained the data.
What was the response? The username and password for the affected email account were shut down. Saint Agnes is implementing administrative, technical and physical safeguards to protect against unauthorized access to protected health information. All impacted individuals are being notified, and free identity monitoring and protection services will be offered to those whose Social Security numbers were affected.
Details: The phishing attack targeted the email accounts of Saint Agnes employees.
Quote: “In this instance, we reported the incident to our e-mail service provider and are evaluating additional ways to enhance our already robust security program,” Sharon McNamara, corporate responsibility officer at Saint Agnes, was quoted as saying in a notification posted to the Saint Anges website.
Source: stagnes.org, “Saint Agnes Health Care Inc. Provides Support to Patients After Email Phishing Incident,” April 27, 2015.