St. Joseph Health System in Bryan, Texas, has suffered a huge breach of protected health information after a server was hacked for parts of three days in December.

The five-hospital delivery system is notifying 405,000 past and present patients, employees, and some employee beneficiaries. Compromised information included names, dates of birth, Social Security numbers, limited medical information and possibly addresses, as well as bank account information for some employees. The hacking apparently originated in China.

A forensics investigation failed to confirm whether any information was accessed and there is no indication that information has been misused, the organization said in a letter to patients, which gave comprehensive information on protecting credit and identity. St. Joseph also is offering affected individuals 12 months of identity protection services from AllClearID.

With this December breach now reported, the incident is the fourth largest breach of protected health information in 2013. Security firm Redspin recently published its annual report on breaches and listed these five breaches as the largest reported to date for 2013:

Advocate Health and Hospitals, (4.03 million patients, theft of desktop computers), Horizon BCBS of New Jersey (839,711 patients, theft of laptop), AHMC Healthcare Inc. (729,000 patients, theft of laptop), Texas Health Harris Methodist Hospital Fort Worth (277,014 patients, improper disposal of microfiche) and Indiana Family & Social Services Administration (187,533 patients, paper documents mailed to the wrong people).

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access