The Evansville, Ind.-based St. Mary's Health has informed approximately 4,400 individuals that several e-mail accounts of hospital employees have been compromised in a cyber attack.
According to a notice on the organization’s website, on Dec. 3, 2014, St. Mary’s learned that several employees' user names and passwords had been compromised as a result of an e-mail hacking attempt. It immediately shut down the user names and passwords and launched an investigation into the matter. St. Mary’s then learned on Jan. 8, 2015, that employee e-mail accounts subject to the hacking attempt contained some personal information of 4,400 individuals.
The personal health information in the e-mail account included patient name, date of birth, gender, date of service, insurance information, limited health information and, in some cases, social security numbers. The hackers did not gain access to individual medical records or billing records, according to St. Mary's officials.
According to the organization, “identity protection and monitoring services will be offered free of charge as appropriate for affected individuals. Additionally, St. Mary’s is working with its e-mail service provider to evaluate ways to enhance its already robust security program. St. Mary’s will also provide additional education to employees regarding e-mail hacking attacks.”