Episcopal Health Services Patients Impacted by Email Hacking Incident

St. John’s Episcopal Hospital and Episcopal Health Services in New York have notified past and present patients that some of their protected health information (PHI) has potentially been compromised.

Episcopal Health Services discovered suspicious activity in the email accounts of several employees on September 18, 2018. The breach was immediately investigated with the help of a third-party digital forensics company. The investigation confirmed that several company email accounts had been compromised between August 28, 2018 and October 5, 2018.

A detailed analysis of the breached email accounts was concluded on November 1. The exposed information varied from one patient to another, with the following information potentially compromised: Name, birth date, Social Security number, medical record number, medical history, diagnoses, treatment data, prescription details, financial information, and health insurance data.

Episcopal Health Services stated in its substitute breach notice that it is taking steps to improve data security. Actions taken so far include a forced reset of all employee email account passwords and extra email security controls to stop unauthorized account access.

No evidence was uncovered to suggest data was stolen or misused, but Episcopal Health Services has offered all patients affected by the breach free one year of credit monitoring services. Because of the sensitive nature of the exposed data, Episcopal Health Services urged patients to monitor their account statements for fraudulent transactions.

The number of patients impacted by the breach has not yet been disclosed by Episcopal Health Services.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/