The breach resulted from an e-mail phishing incident that targeted employee e-mail accounts to access protected health information.
The Baltimore health system on Monday said it sent letters to 25,000 individuals notifying them of the incident, which compromised at least one of the following personal details: name, date of birth, gender, medical record number, insurance information and limited clinical information. In four cases, patients’ social security numbers were accessed.
After discovering the problem, Saint Agnes shut down the e-mail account’s username and password and worked with computer forensics experts to analyze what information was affected.The health system said it is working with its e-mail service provider to evaluate ways to boost its security.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now