Indiana-based St. Mary's Health announced that several employees had their usernames and passwords compromised, and their email accounts contained personal information on roughly 4,400 individuals.
How many victims? Roughly 4,400.
What type of personal information? Names, dates of birth, genders, dates of service, insurance information, limited health information, and Social Security numbers.
What happened? Several St. Mary's Health employees had their usernames and passwords compromised in an “e-mail hacking attempt,” and their email accounts contained the personal information.
What was the response? St. Mary's Health immediately shut down the usernames and passwords and launched an investigation. St. Mary's Health is working with its email service provider to enhance its security program, and will provide additional education to employees. All impacted individuals are being notified, and offered free identity protection and monitoring services.
Details: St. Mary's Health learned of the incident on Dec. 3, 2014, and on Jan. 8 learned what personal information may be at risk.
Quote: “The hackers did not gain access to individual medical records or billing records,” according to a notification posted to the St. Mary's Health website.
Source: stmarys.org, “Substitute Notice - Hacking Attack Incident,” March 5, 2015.