BJC Healthcare reported the unauthorized access of the email accounts of three employees after responding to the phishing emails they received.
On March 6, 2020, BJC Healthcare detected suspicious activity in the email accounts, which prompted the immediate security of the accounts. A prominent computer forensics company was hired to conduct an investigation which revealed that the attackers had only accessed the three accounts for a limited period of time on March 6. The investigators cannot tell if the attacker viewed or obtained patient data.
An evaluation of the accounts revealed they had the information of patients at 19 BJC Healthcare and affiliated hospitals. The email messages and attachments contained varying protected health information (PHI) of patients, which may have included the following data elements:
Patients’ names, dates of birth, patient account numbers, medical record numbers, and limited treatment and/or clinical details, which contained provider names, visit dates, prescribed medicines, diagnoses, and testing data. The health insurance details, Social Security numbers, and driver’s license numbers of a number of patients were also potentially compromised.
BJC Healthcare will notify by mail all patients affected by the breach as soon as the email account analysis is completed. Patients whose driver’s license or Social Security number were potentially compromised will be provided credit monitoring and identity theft protection services for free.
BJC HealthCare stated more security measures will be enforced to avoid occurrences such as this in the future and employees will get training again to help them identify and steer clear of suspicious emails.
The BJC HealthCare and affiliated hospitals affected by the breach are:
- Alton Memorial Hospital
- Barnes-Jewish St. Peters Hospital
- Barnes-Jewish Hospital
- Barnes-Jewish West County Hospital
- BJC Behavioral Health
- BJC Home Care
- BJC Medical Group
- BJC Corporate Health Services
- Boone Hospital Center
- Christian Hospital
- Louis Children’s Hospital
- Memorial Hospital East
- Memorial Hospital Belleville
- Missouri Baptist Medical Center
- Missouri Baptist Physician Services, LLC
- Missouri Baptist Sullivan Hospital
- Progress West Hospital
- Parkland Health Center Boone Terre
- Parkland Health Center Farmington