Elizabethtown Community Hospital, part of the University of Vermont Health Network, notified about 32,000 patients that their personal health information was breached during an email hack, as reported by HealthITSecurity.
On October 18, 2018, hospital officials discovered an unauthorized user had accessed an employee email account. The password to the account was immediately changed and officials hired a forensics team to investigate.
The 60-day investigation determined the breach began on October 9, nine days before it was discovered and determined only one email account was affected. The compromised account contained PHI, which varied by patient. The data included names, dates of birth, addresses, and medical information. About 1,200 Social Security numbers were breached, as well. It’s possible the hacker was able to view or copy the data.
Officials have bolstered email system security and are retraining staff on security to assure protection of patients’ information. Email hacks continue to plague the healthcare sector, with breaches caused by patient data left stored in accounts.
Need to train your staff on best practices for email security? Contact HIPAAcraticRx, the outsourced prescription for HIPAA compliance.