BJC Healthcare has announced that the email accounts of three of its employees have been accessed by an unauthorized individual after the employees responded to phishing emails.
Suspicious activity was detected in the email accounts on March 6, 2020 and the accounts were immediately secured. A leading computer forensics firm was engaged to conduct an investigation which revealed the three accounts had only been accessed for a limited period of time on March 6. It was not possible to tell if patient data was viewed or obtained by the attacker.
A review of the accounts revealed they contained the data of patients at 19 BJC and affiliated hospitals. Protected health information in emails and attachments varied from patient to patient and may have included the following data elements:
Patients’ names, medical record numbers, patient account numbers, dates of birth, and limited treatment and/or clinical information, which included provider names, visit dates, medications, diagnoses, and testing information. The health insurance information, Social Security numbers, and driver’s license numbers of certain patients were also potentially compromised.
All patients affected by the breach will be notified by mail when the email account review is completed. Patients whose driver’s license or Social Security number has potentially been compromised will be offered complimentary credit monitoring and identity theft protection services.
BJC HealthCare said additional security measures will be implemented to prevent incidents such as this in the future and staff will be retrained to help them identify and avoid suspicious emails.
The following BJC HealthCare and affiliated hospitals were affected by the breach:
- Alton Memorial Hospital
- Barnes-Jewish Hospital
- Barnes-Jewish St. Peters Hospital
- Barnes-Jewish West County Hospital
- BJC Behavioral Health
- BJC Corporate Health Services
- BJC Home Care
- BJC Medical Group
- Boone Hospital Center
- Christian Hospital
- Memorial Hospital Belleville
- Memorial Hospital East
- Missouri Baptist Medical Center
- Missouri Baptist Physician Services, LLC
- Missouri Baptist Sullivan Hospital
- Parkland Health Center Boone Terre
- Parkland Health Center Farmington
- Progress West Hospital
- Louis Children’s Hospital
The post Phishing Attack at BJC HealthCare Impacts Patients at 19 Hospitals appeared first on HIPAA Journal.