Hemphill, Texas-based Sabine County Hospital was affected by a data security breach in February after an unauthorized party accessed an employee’s email account, according to an Aug. 4 notice.
The hospital discovered the breach Feb. 12 when a fraudulent invoice was sent from the compromised account. While the attack appeared financially motivated, an internal audit later revealed that patient information was present in some emails involved.
There is no evidence that patient data has been accessed or misused, but the hospital is mailing notices to potentially affected patients and plans to file a report with the HHS’ Office for Civil Rights.
Potentially impacted data includes patient names, dates of service, diagnoses, treatment details, Social Security or Medicare numbers, insurance carriers and payment data.
Sabine County Hospital said it has secured the affected account and is encouraging patients to follow identity protection guidance from the Federal Trade Commission.
