HIPAA Violation Hits 16,167 Patients Patients at Hospital Sisters Health System


Unauthorized individuals have been gaining access to access emails and email attachments containing the protected health information of 16,167 patients within the Hospital Sisters Health System. It was recently discovered that a HIPAA-violating email security breach took place during August 2019.

A 15-hospital health system serving patients in Illinois and Wisconsin, Hospital Sisters Health System found that form August 6 2019 to August 9, 2019 cybercriminals obtained access to the email accounts of several staff members. Swift action was implemented to safeguard the impacted staff email accounts by changing passwords and a leading computer forensic firm was retained to examine the breach and determine whether the compromised accounts contained patient data.

On December 2, 2019, Hospital Sisters Health System first noticed that private patient data many have been infiltrated accessed by the cybercriminals. The impacted email accounts were found to contain patient names, birth dates, and a limited amount of clinical information. The health insurance information, Social Security number, and/or driver’s license number of some patients was also exposed.

On January 31, 2020, Hospital Sisters Health System initiated a broadcast of mailing notification letters to all impacted patients. Individuals whose Social Security number or driver’s license number was exposed have been provided with the chance to avail of free membership to identity theft protection services and all individuals have been advised to monitor their accounts and explanation of benefits statements closely and to report any suspicious activity to the relevant law enforcement bodies.

Hospital Sisters Health System has already begun of process of enhancing email security to a bid to eliminate the chance of breaches like this happening again.