Hill Country Memorial Hospital on April 21 notified patients and job applicants about a privacy event that may have compromised their personal information.
An unauthorized individual not affiliated with the Fredericksburg, Texas-based community hospital accessed an employee's email account on Feb. 21. The email account contained information related to some patients and job applicants, including names, Social Security numbers and diagnosis information.
Hill Country Memorial secured the affected email account and notified law enforcement. Investigators believe the individual accessed the email account to submit fraudulent invoices to Hill Country Memorial's accounts payable department for payment. The hospital cannot confirm whether the individual viewed or misused any emails in the account.
"This was a phishing attempt, and after a professional forensics analysis, we have no reason to believe any data was compromised," Hill Country Memorial CIO John Mason told Becker's Hospital Review in an emailed statement. "We responded out of an abundance of caution and with the highest regard for the information of those potentially affected. Hill Country Memorial is committed to information security, and we take this matter very seriously."
Hill Country Memorial is offering one year of free credit protection services to all potentially affected individuals. The hospital also set up a dedicated incident response hotline and is implementing additional data security measures for its email system to prevent future privacy incidents.