Email Hacking Incident Informed by Episcopal Health Facilities

Specified existing and previous patients of St. John’s Episcopal Hospital and Episcopal Health Facilities in New York are being informed that some of their protected health information has possibly been compromised.

On September 18, 2018, Episcopal Health Facilities became conscious of doubtful activity in several worker electronic mail accounts. An inquiry was instantly launched, and a third-party digital forensics company was called in to decide the nature and scope of the breach. The inquiry exposed many worker electronic mail accounts had been compromised between August 28, 2018 and October 5, 2018.

A detailed examination of the compromised electronic mail accounts was finished on November 1. The kinds of information exposed varied from patient to patient but might have included name, medical record number, treatment information, diagnoses, prescription information, medical history, Social Security number, date of birth, financial information, and health insurance information.

“Episcopal Health Facilities is devoted to, and takes very earnestly, its responsibility to safeguard all data entrusted to us. We are constantly taking steps to increase data safety protections,” clarified Episcopal Health Services in its alternate breach notice. The measures taken to improve safety include a forced password reset on all worker electronic mail accounts and the application of additional electronic mail safety controls to avoid more illegal access.

Although no proof of data theft or abuse was exposed during the investigation, out of an abundance of caution, Episcopal Health Facilities has offered all affected people 12 months of credit checking facilities without fee. Because of the confidential nature of the information that was disclosed, Episcopal Health Facilities has advised patients to check their account statements for any indication of doubtful activity.

It is presently unclear how many patients have been impacted by the breach.