Episcopal Health Services Email Hacking Compromised Patients’ PHI


St. John’s Episcopal Hospital and Episcopal Health Services located in New York have informed former and current patients about the potential compromise of their protected health information (PHI).

Episcopal Health Services found the occurrence of suspicious activity in several employees’ e-mail accounts on September 18, 2018. A third-party computer forensics firm quickly looked into the nature and magnitude of the breach. As per the investigation results, a number of employees’ email accounts were accessed beginning August 28, 2018 until October 5, 2018.

The comprehensive evaluation of the compromised email accounts came to a conclusion on November 1. The breached data varied among the affected patients though the following patients’ data were potentially exposed: name, Social Security number, birth date, health record number, medical history, diagnoses, treatment, prescription medication details, financial data, and medical insurance data.

Episcopal Health Services posted in its substitute breach notification that the necessary steps are being undertaken to better data security. All employee email accounts had their passwords reset and implementation of extra email security controls had been setup to stop hackers from account access.

No evidence was found to indicate the theft or misuse of data, nevertheless Episcopal Health Services provided all affected patients with complimentary one year of credit monitoring services as a safety measure. Considering the sensitive nature of the compromised data, Episcopal Health Services advised patients to keep track of their account statements for falsified transactions.

Episcopal Health Services did not disclose publicly the exact number of patients affected by the breach.