Email Breach at Hospital Sisters Health System and Burglary at Jefferson Center for Mental Health

Hospital Sisters Health System learned recently about the occurrence of an email security breach in August 2019. Unauthorized people possibly got access to e-mail messages and attachments that contain 16,167 patients’ protected health information (PHI).

Hospital Sisters Health System provides patient care in Wisconsin and Illinois as a 15-hospital health system. During the period between August 6, 2019 and August 9, 2019, some unauthorized individuals got email access to the accounts of a few employees. The health system took immediate action to secure email accounts by means of replacing passwords. A well-known computer forensic firm works on the breach investigation to know if there was patient data contained in the compromised email accounts.

On December 2, 2019, the investigators advised the Hospital Sisters Health System that attackers possibly viewed patient information. The information identified in the compromised email accounts were the following: patient names, birth dates, and various clinical information. The Social Security number, medical insurance information, or driver’s license number of some patients were likewise compromised.

Hospital Sisters Health System started mailing notification letters to all patients with compromised information on January 31, 2020. Persons with exposed Social Security numbers or driver’s license numbers were offered free identity theft protection services. They were additionally told to check their financial accounts and explanation of benefits statements with care and report to the police authorities in case there is any suspicious activity.

Because of the breach, the Hospital Sisters Health System took the necessary steps to strengthen email security so that the same incident will be avoided in the future.

Jefferson Center for Mental Health Breach of PHI

Jefferson Center for Mental Health is a mental health care and substance use services provider located in a local community in Colorado. The center reported a burglary at its Independence Corner facility found in Wheat Ridge on November 29, 2019.

Jefferson Center knew about the burglary on December 2, 2019 and submitted a report to law enforcement. The thieves didn’t steal any paperwork that contains patient information, but the thieves may have viewed 1,319 patients’ private and treatment information.

Unauthorized data access is quite unlikely to have occurred. Nevertheless, patients were warned to keep watch over their accounts. Jefferson Center for Mental Health is presently working on securing its physical security offices.