Four details:
1. Patient information affected by the breach includes names, diagnoses, dates of services and facility account numbers. Patients’ EHRs were not involved in the breach.
2. The hospital on April 23 discovered patient information in two employee email accounts may have been accessed by an unauthorized third party.
3. CHI St. Luke’s Health discovered the exposure while investigating a security event involving one of its servers, which it learned about March 25.
4. The hospital launched an investigation into the incident and has since reset passwords across the facility, replaced and upgraded hardware, made software changes, and altered network access processes.
More articles on cybersecurity:
Kroger network server breach exposes nearly 11,000 patients’ info
Care New England resolves cyberattack after nearly weeklong computer system outage
Ransomware group auctions Crozer-Keystone Health System data on darknet