Breach Cause: E-Mail Access

Hospital Employees Inappropriately Share Log-In Info
Breach Cause: E-Mail Access
A health information breach incident at an Indiana hospital points to the need to remind staff members not to share their e-mail credentials.

St. Vincent Indianapolis Hospital reports in a notice on its website that some of its employees "unintentionally revealed their e-mail login information to third parties" on Nov. 15, 2010. This action enabled the third parties to access certain e-mail accounts containing information on about 1,800 patients. Those patients have been notified of the incident as required under the HITECH Act breach notification rule.

The patient information exposed in the breach incident included names, dates of service and certain clinical and diagnostic information.

The Indianapolis Star reported that an outside hacker, claiming to be from within the hospital system, persuaded employees to share their log-in information. So far, no patients have reported any problems as a result of the breach, the newspaper reports, and staff members are being educated about proper use of the e-mail system.

In its website posting, the hospital says it's "taking the necessary and appropriate steps to prevent this type of incident from occurring in the future." A hospital spokesman did not reply to a request for more information.

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Howard J. Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 34 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network