Sacred Heart Health System has sent letters to approximately 14,000 patients informing them of a hacking attack which targeted one of its third-party billing vendors.
Specifically, hackers were able to use a phishing attack to gain access to the email account of an employee of the billing vendor. The attack resulted in certain patient health information being compromised which included patient names, date of service, date of birth, diagnosis and procedure, total charges and physician name. Approximately 40 individuals’ Social Security numbers were also compromised.
The hackers did not gain access to patients’ medical records. “We value the privacy and security of patient information, and regret this unfortunate incident,” said Genevieve Harper, Privacy Officer for Sacred Heart Health System.” “It is our priority to support those who have been affected.”
“We are taking the necessary and appropriate steps to prevent this type of incident from occurring in the future.” Harper said. “Specifically, we are working with our billing vendor to ensure they are continually evaluating and modifying their practices to enhance the security and privacy of all confidential and/or sensitive information in their possession.”
