PHI Exposed from St. Croix Hospice and Hunt Regional Healthcare Cyberattacks

St. Croix Hospice is a provider of hospice care in the Midwest. An unauthorized person accessed the email account of a St. Croix Hospice employee, and patient information may have been compromised.

The hospice learned of the data breach on May 10, 2019, when it noticed suspicious email activity in the employee’s account. A third-party computer forensics firm investigated the incident and confirmed that the email accounts of some employees were compromised from April 23, 2019 until May 11, 2019. The forensics team confirmed the account compromise, but it is not certain that patient information was accessed or copied.

The forensics investigators performed a thorough assessment of the affected email accounts to identify which patients had their protected health information (PHI) exposed. They confirmed on June 21, 2019 that PHI was exposed. Once the assessment was complete, St. Croix Hospice sent notifications to the patients concerning the potential exposure of their PHI, including their name, address, Social Security number, financial information, medical insurance records, medical history, and treatment details. The healthcare provider also offered all affected patients free credit monitoring and identity theft protection services.

St. Croix reported the breach to the Department of Health and Human Services’ Office for Civil Rights. The report stated that 21,407 patients were affected by the breach.

Hunt Regional Healthcare Cyberattack

A cyberattack on Hunt Regional Healthcare in Greenville, TX on May 14, 2019 resulted in hackers gaining access to its computer network and patient PHI.

The hackers potentially accessed patient information such as names, telephone numbers, birth dates, ethnicity, religious group, and Social Security numbers. The hacking incident was reported to the FBI, which is assisting with the investigation.

Hunt Regional Healthcare claimed that it found no evidence of unauthorized access to or theft of data. Nevertheless, it notified patients about the breach as a safety measure and provided free IDExperts credit monitoring and identity theft protection services.

The exact number of patients affected by the breach has not yet been reported.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism.