Image via Saint Agnes Medical Center Facebook page
Written by Donald A. Promnitz
Saint Agnes Medical Center has experienced a cybersecurity incident that originated with a sister hospital in the Pacific Northwest.
According to a media release from Saint Agnes, an employee of Oregon/Idaho-based Saint Alphonsus Health System had their email compromised by an unauthorized user. This individual used the employee’s account to send phishing emails in an attempt to obtain login IDs and passwords from January 4-6.
Saint Agnes and Saint Alphonsus are members of Trinity Health, a multi-institutional Catholic health care delivery system serving 30 million people across 22 states.
Saint Alphonsus made the initial discovery on Jan. 6 and moved quickly to identify the source and nature of the activity and to secure the email account. While there is no evidence of any misuse of information in the email account, a review of its contents was conducted to determine what information might have been accessible, according to the release.
Through the review it was determined that a report containing a combination of the following types of information might have been accessible: patient name, address, telephone, date of birth, email and medical information such as medical record number, treatment information and billing information.
A letter was sent to each of the patients included on the report explaining the full details of what happened, the immediate actions taken by Trinity Health, Saint Alphonsus and Saint Agnes to address the incident and how it may impact their privacy. All patients were also offered a free credit monitoring service.
“Saint Agnes deeply regrets any inconvenience or concern this situation may have caused its patients,” according to the release. “It is believed to be an unfortunate and isolated incident.”
Saint Alphonsus had a similar incident occur in May 2020 that involved a third-party fundraising service provider, reported ktvb.com.