[BreachExchange] Email breach at Chicago’s Sinai Health System puts data of 12,000 at risk

Destry Winant destry at riskbasedsecurity.com
Mon Jan 6 10:15:39 EST 2020


https://www.healthdatamanagement.com/news/email-breach-at-chicagos-sinai-health-system-puts-data-of-12-500-at-risk

A data security incident at Chicago-based Sinai Health System may have
exposed the personal and health information of about 12,000 patients.

In October, data forensic specialists determined that patient
information could be at risk after an unknown third party gained
unauthorized access to the email accounts of two employees at the
four-hospital delivery system.

The forensics investigation found no evidence that any patient
information was removed from Sinai Health’s email accounts or systems.
The organization also is not aware of any misuse of patient
information, and security executives say they’ve seen no indication
that any patient data is in unauthorized hands.

Protected health information in the two email accounts included
patients’ names, addresses, dates of birth, Social Security numbers,
and health and health insurance information.

Sinai Health System’s notice letter of the data security incident does
not mention whether the system will be offering protective services,
such as credit monitoring or identity theft protection, to affected
patients, but the letter assures patients that the security of patient
information is a high priority.

“Sinai has taken steps to prevent a similar incident from occurring in
the future, including resetting employee email passwords, conducting
employee training and enhancing email filtering protocols,” the
organization told patients.

Sinai Health System also has reviewed and revised information security
policies that include email retention procedures and is increasing
security of email systems and the organization’s information networks.

“Sinai Health System sincerely regrets any inconvenience that this
incident may cause patients and remains dedicated to protecting
patients’ personal and health information,” its letter to patients
noted.

Additional information from Sinai Health System was not immediately available.


More information about the BreachExchange mailing list