CHI St. Luke's Health-Memorial Lufkin (Texas) on June 19 began notifying patients that an unauthorized third party gained access to patients' protected health information in April.
Four details:
1. Patient information affected by the breach includes names, diagnoses, dates of services and facility account numbers. Patients' EHRs were not involved in the breach.
2. The hospital on April 23 discovered patient information in two employee email accounts may have been accessed by an unauthorized third party.
3. CHI St. Luke's Health discovered the exposure while investigating a security event involving one of its servers, which it learned about March 25.
4. The hospital launched an investigation into the incident and has since reset passwords across the facility, replaced and upgraded hardware, made software changes, and altered network access processes.