Phishing Attack on Saint Agness Medical Center Saint Alphonsus Health System and Southeastern Minnesota Center for Independent Living

Because of a phishing attack suffered by Saint Alphonsus Health System based in Boise, ID, the data of its patients were likely exposed, as well as the information of patients of Saint Agnes Medical Center located in Fresno, CA.

Saint Alphonsus discovered abnormal activity in the email account of a worker on January 6, 2021. The provider quickly protected the email account and looked into the breach to find out the origin and character of the incident. Saint Alphonsus confirmed that an unauthorized person viewed the account on January 4, 2021, allowing the individual to access the account and the data stored in it for two days. The attacker utilized the account to send out phishing emails to other persons trying to acquire usernames and passwords.

The staff who had his credentials compromised served in some business functions that needed access to protected health information (PHI), like carrying out billing tasks for the West Region of Trinity Health, such as Fresno.

An analysis of all messages and attachments revealed that the account held the PHI of a number of patients. The PHI in the account differed from patient to patient. These data elements were affected full names joined with one or more of these data elements: birth date, address, phone number, email address, medical record number, treatment details, and/or billing data. The account likewise included some Credit Card Numbers And Social Security Numbers.

Though the investigators confirmed the unauthorized account access, it was impossible to ascertain which email messages, if any, were viewed. Back then while sending notifications, there was no evidence found that shows the misuse of any patient information. The provider made available credit monitoring services to the impacted people. Workers received additional training about email and cybersecurity to avert identical breaches later on.

The number of patients affected by the attack is still not yet sure right now. Updates will be presented when more data is received.

4,122 Persons Impacted by Phishing Attack on Southeastern Minnesota Center for Independent Living

Disability and support services provider, Southeastern Minnesota Center for Independent Living (SEMCIL) based in Rochester and Winona, has uncovered an unauthorized person obtained access to the email account of an employee that held the PHI of 4,122 persons.

The investigators of the security incident showed the email account was breached on August 6, 2020 and the hacker had probable account access up to September 1, 2020. The investigation affirmed on December 22, 2020 the compromise of PHI, which included names, addresses, birth dates, driver’s license numbers, Social Security numbers, and a few medical treatment details. The provider began delivering notification letters to impacted people on February 19, 2021.

The investigation didn’t find any proof that indicates any PHI was accessed or acquired, and there were no reports gotten that suggest the improper use of any PHI. As a safety measure against identity theft and fraud, persons who had their Driver’s License Number Or Social Security Number compromised got offers of identity theft protection services at no cost.