A security breach at one of the third-party vendors of Sacred Heart Health Systems has resulted in the exposure of health and personal information of approximately 14,000 patients.
Hackers were able to access patients’ names, dates of service, dates of birth, diagnoses and procedures, total charges, and physicians’ names, and 40 of the patients Social Security numbers were also compromised, through phishing attack by gaining access to the email account of an employee of the billing vendor.
The incident was first discovered on Dec. 3, 2014, and username and password of the employee was immediately shut down. On Feb 2,2015, Sacred Heart was notified of the attack.
They immediately launched an internal investigation by engaging computer forensics experts, to conduct and analyze the incident and help to accurately identify affected ones, and they sent letters to all affected patients informing them about the hacking attack. The hacker has not been identified.