HealthcareCISO

Roper St. Francis Healthcare has notified 189,761 patients that some of their protected health information was contained in employee email accounts that were accessed by an unauthorized individual. The email security breach was detected in late October 2020, and the subsequent investigation revealed three email accounts were compromised between October 14 and October 29, 2020.

A review off the email accounts was conducted to determine the information that was potentially accessed. It was not possible to tell if patient information was viewed or exfiltrated, although the attacker would have been able to access names, medical record numbers, patient account numbers, dates of birth, and limited treatment and clinical information, such as dates of service, locations of service, providers’ names, and billing information. The email accounts also contained...