Phishing Email Baits Indiana Medical Center, Health Data Exposed

A malicious email compromised the username and password of a St. Vincent Medical Group employee.

When St. Vincent learned of the incident on Dec. 3, 2014, it “immediately shut down the username and password of the impacted account and launched an investigation into the matter,” the company said in a statement.  

“The investigation has required electronic and manual review of affected emails to determine the scope of the incident,” the statement read.

On March 12, 2015, the hospital determined that the breached email account contained personal health data on hundreds of patients.

Information affected includes patient names, demographic information such as dates of birth and phone numbers, account numbers, and Social Security numbers in a few cases. Clinical information related to services patients received was also included. Individual medical records and billing records were not accessed.