Missouri hospital notifies patients of employee email hack exposing PHI: 5 things to know

Perry County Memorial Hospital in Perryville, Mo., reported an unauthorized individual gained access to two employee email accounts earlier this year.

The FBI, the HHS and the Cyber Security and Infrastructure Security Agency under the Department of Homeland Security issued an advisory on Oct. 28 outlining how phishing emails can distribute ransomware and warning hospitals that malware can exist in the system for a period of time before disrupting IT networks.

Five details:

1. The hospital notified patients on Oct. 22 that two employee emails were hacked around Aug. 23. The emails contained some personal information.

2. Perry County Memorial blocked the suspicious activity and worked with outside experts to investigate the incident.

3. On Sept. 10, the hospital found one of the email accounts was at risk of being copied and the incident was investigated.

4. Patient names, birth dates, diagnostic codes, provider names and other health information was included in the breached email accounts. Some patients' Social Security numbers, Medicare numbers and other health insurance information were potentially exposed as well.

5. The incident exposed information for 501 individuals, according to HHS.

Copyright © 2022 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars