Sacred Heart Health System in northwestern Florida reported a security breach due to a phishing attack on a third-party vendor that possibly exposed the information of 14,000 patients.
Sacred Heart, which operates three hospitals in Pensacola, Emerald Coast and Port St. Joe, as well as several other clinics and specialty centers, reported the breach on March 16. The system was informed Feb. 2 by one of its third-party billing vendors that an employee's email had been hacked through a phishing attack. The attack was detected by the vendor on Dec. 3, and the account was shut down the same day, according to NorthEscambia.com.
The health system launched an investigation and found the email account of the targeted billing vendor employee contained the information of approximately 14,000 individuals. The information compromised included patient names, date of service, date of birth, diagnosis and procedure, billing account numbers, total charges and physicians' names, according to the report.
Sacred Heart has informed those potentially affected by the breach and is offering identity monitoring and protection services for those whose social security numbers may have been compromised, according to the report.