Saint Agnes data breach exposed personal info. Here’s what hackers may know about you
A data breach at Saint Agnes Medical Center and its sister hospital Saint Alphonsus Health System in Idaho may have exposed a trove of patient personal information.
Saint Agnes was made aware of the breach on Feb. 5 after officials at Saint Alphonsus discovered an employee’s email had been compromised by an unauthorized user. The hacker used the employee’s email to send phishing emails on Jan. 4-6 in an attempt to try and get other login IDs and passwords.
Both hospital systems became involved because Saint Agnes’ billing process is handled by Saint Alphonsus. The two medical centers are part of Trinity Health, a multi-institutional Catholic health care provider serving more than 30 million people across 22 states.
A news release provided by Saint Agnes did not include a number of how many patients may have been affected by the data breach.
Letters sent to impacted patients
What officials did say is that a letter was sent to each of the patients included in the investigation, explaining the full details of what happened; the immediate actions taken by Trinity Health, Saint Alphonsus and Saint Agnes to address the incident; and how the incident may affect the privacy of certain information related to them. All patients were also offered a free credit monitoring service.
It is unclear if anyone’s personal information was used. What is known is the type of information that was accessible.
The information included: patient name, address, telephone, date of birth, email, and medical information such as medical record number, treatment information and billing information.
“Saint Agnes deeply regrets any inconvenience or concern this situation may have caused its patients. It is believed to be an unfortunate and isolated incident,” the news release states.
This story was originally published March 5, 2021 at 5:13 PM.
