Austin, Texas-based Seton Family of Hospitals, a division of Seton Healthcare Family, has notified approximately 39,000 patients that their protected health information may have been accessed by hackers, according to a statement on their website.
Hackers conducted an email phishing attack Dec. 4, 2014 through which hackers obtained usernames and passwords of Seton employees' email accounts. Affected email accounts were immediately shut down when the system learned of the attack, according to the statement.
Compromised personal health information includes names, addresses, birth dates, medical record numbers, insurance information, "limited critical information" and some Social Security numbers. Hackers did not gain access to individual medical records or billing records, according to the statement.
Seton has notified affected patients and is offering free identity monitoring and protection services for individuals whose Social Security number was compromised. The health system is also determining ways to better enhance its security and will provide additional education to employees about email phishing, according to the statement.
Seton Healthcare Family is a member of Ascension, a faith-based health system based in St. Louis.
More articles on data breaches:
FBI advises Anthem not to speak publicly about breach
Growing incidence of medical identity fraud puts healthcare organizations on red alert
Anthem aftermath: CIOs and IT leaders recall what they did right after the attack