Texas-Sized Health Hacking Hits 405K

St. Joseph Health System in Bryan, Texas, has suffered a huge breach of protected health information after a server was hacked for parts of three days in December.

The five-hospital delivery system is notifying 405,000 past and present patients, employees, and some employee beneficiaries. Compromised information included names, dates of birth, Social Security numbers, limited medical information and possibly addresses, as well as bank account information for some employees. The hacking apparently originated in China.

A forensics investigation failed to confirm whether any information was accessed and there is no indication that information has been misused, the organization said in a letter to patients, which gave comprehensive information on protecting credit and identity. St. Joseph also is offering affected individuals 12 months of identity protection services from AllClearID.

With this December breach now reported, the incident is the fourth largest breach of protected health information in 2013. Security firm Redspin recently published its annual report on breaches and listed these five breaches as the largest reported to date for 2013:

Advocate Health and Hospitals, (4.03 million patients, theft of desktop computers), Horizon BCBS of New Jersey (839,711 patients, theft of laptop), AHMC Healthcare Inc. (729,000 patients, theft of laptop), Texas Health Harris Methodist Hospital Fort Worth (277,014 patients, improper disposal of microfiche) and Indiana Family & Social Services Administration (187,533 patients, paper documents mailed to the wrong people).

For reprint and licensing requests for this article, click here.