A hacker sought to reroute payment funds at Yonkers, N.Y.-based St. John’s Riverside Hospital before the facility detected the incident.
In September, the unauthorized party accessed a small number of employee email accounts to send phishing emails for the theft attempt.
“Upon discovery, St. John’s Riverside Hospital promptly changed passwords, revoked session tokens, reset multifactor authentication, and engaged data security and privacy professionals to assist in an investigation,” the organization said in a December notice. “There is no indication that personal information has been misused for the purposes of identity theft or fraud.”
The breached data of 2,238 individuals may have included names, dates of birth, Social Security and driver’s license numbers, financial account information, and medical records.
