Email phishing attack affects 39K in Texas

Central Texas' Seton Family of Hospitals experienced an email phishing attack in December 2014, that impacted about 39,000 patients.

The attack targeted the user names and passwords of Seton employees, according to a statement on the organization's website. "Upon the determination that an email account had been compromised, the user name and password was immediately shut down. Seton launched an investigation into the matter, and the investigation has required electronic and manual review of affected e-mails to determine the scope of the incident. Seton engaged computer forensics experts to assist with the investigation. Through the ongoing investigation of this matter, we determined on February 26, 2015, that the employee e-mail accounts subject to the phishing attempt contained some personal health information for approximately 39,000 patients."

The personal health information in the e-mail accounts included demographic information, medical record numbers, insurance information, limited clinical information and, in some cases, Social Security numbers. The hackers did not gain access to individual medical records or billing records.

"Please be assured that Seton is taking steps to mitigate this incident by notifying affected individuals via letter, posting this substitute notice and providing notice to prominent media outlets in the area," according to the organization which is offering identity monitoring and protection services free of charge to those whose Social Security numbers have been affected by the incident. Seton lso is working with its email service provider "to evaluate ways to enhance its already robust security program."