Saint Alphonsus Health System and Saint Agnes Medical Center, both part of Livonia, Mich.-based Trinity Health, confirmed March 4 that a recent email hacking incident has exposed some patients' personal information.
Trinity Health and Boise, Idaho-based St. Alphonsus discovered unusual activity related to an employee email account on Jan. 6. The health systems investigated the incident and determined that an employee email account may have been accessed by an unauthorized user between Jan. 4-6.
Trinity Health and St. Alphonsus secured the email account immediately after discovering the unusual activity. Initially, the health systems thought the incident only affected Saint Alphonsus but later discovered that some of the compromised information from the email account belonged to Fresno, Calif.-based Saint Agnes patients since Saint Alphonsus manages hospital billing for both systems.
The hacker used the compromised Saint Alphonsus employee email account to send phishing emails to get login IDs and passwords. Patient information accessible within the email account included names, addresses, birth dates, medical record numbers, billing details and some Social Security numbers.
The health systems said they have increased security measures, including re-training employees to avoid being involved in future cyberattacks, according to a news release.
Trinity Health comprises 92 hospitals across 22 states.