Chicago-based Swedish Hospital, part of NorthShore University HealthSystem, began notifying 4,206 patients that their data has been breached after a hacker gained access to a physician's email.
The physician's hacked account was used to bait colleagues into opening malicious emails, according to a May 28 news release.
Four details:
1. On March 22, Swedish learned that a physician's email had been breached by a third party who used the account to send spam and phishing emails to others within the organization.
2. The hospital deactivated the email account and temporarily suspended remote email access within the organization. Soon after, Swedish executed an independent forensic analysis.
3. Swedish's email system prevents users from downloading or printing any emails containing protected health information, which potentially halted the hackers from accessing patients' data.
4. Swedish does not believe the hackers' goal was to download PHI, the news release said. However, hackers had access to names, birthdates, contact information and information related to treatment.