[BreachExchange] Compromised email account leads to Saint Francis Ministries data breach

Destry Winant destry at riskbasedsecurity.com
Thu Apr 16 10:18:32 EDT 2020


An unauthorized party gained entry into an employee’s email account
at Saint Francis Ministries, accessing sensitive personal identifying
information, as well as financial and protected health data.

In an online notification and corresponding press release, the Salina,
Kan.-based non-profit organization said the actor accessed the account
between Dec. 13 and 20 of 2019. Saint Francis first noticed the
anomalous activity on Dec. 19, confirmed the illegal access on Feb. 12
and determined on March 24 that data belonging to multiple individuals
was exposed.

Affected information includes social security numbers, birth dates,
driver’s licenses and state IDs, bank and financial account numbers,
payment card numbers, treatment and diagnosis information,
prescription information, provider names, medical record numbers and
patient IDs, Medicare and Medicaid numbers, health insurance
information, treatment cost information, and credentials (usernames
and passwords).

SC Media contacted Saint Francis for clarification on whether the
exposed data belongs to recipients of its services, employees of the
organization, or both. Morgan Rothenberger, director of marketing and
communications, replied, “We are still in the process of determining
the relationships affected individuals have to Saint Francis
Ministries. We will notify affected individuals on a rolling basis and
as required by the applicable notification statutes.”

Saint Francis asserts that it is “unaware of any actual or attempted
misuse of any personal or protected health information relating to
this incident.” The organization said that this week it will mail
notices to impacted individuals, warning them to review account
statements, credit reports and explanation of benefits forms for
suspicious red flags, and to watch out for identity theft and fraud
schemes. It will also offer recipients 12 months of free credit
monitoring and/or identity theft restoration services.

“While we have security measures in place to protect information in
our care, we are also taking steps to implement additional safeguards
and review policies and procedures in order to protect the security of
information on our systems,” Saint Francis said in its online
statement. “Specifically, Saint Francis immediately changed the
credentials for the email account once it detected the suspicious

Saint Francis offers services related to adoption, foster care,
behavioral health, migrant and refugee initiatives, and more. It has
locations based in Arkansas, Kansas, Mississippi, Nebraska, Oklahoma,
Texas and Central America.
