Breach Cause: E-Mail Access
Hospital Employees Inappropriately Share Log-In InfoSt. Vincent Indianapolis Hospital reports in a notice on its website that some of its employees "unintentionally revealed their e-mail login information to third parties" on Nov. 15, 2010. This action enabled the third parties to access certain e-mail accounts containing information on about 1,800 patients. Those patients have been notified of the incident as required under the HITECH Act breach notification rule.
The patient information exposed in the breach incident included names, dates of service and certain clinical and diagnostic information.
The Indianapolis Star reported that an outside hacker, claiming to be from within the hospital system, persuaded employees to share their log-in information. So far, no patients have reported any problems as a result of the breach, the newspaper reports, and staff members are being educated about proper use of the e-mail system.
In its website posting, the hospital says it's "taking the necessary and appropriate steps to prevent this type of incident from occurring in the future." A hospital spokesman did not reply to a request for more information.