TX: Hunt Regional Medical Center Notifies Patients of Possible Breach Due to Hack of Employee Email
This breach notification is dated June 29, but just appeared on HHS’s breach tool today with that submission date to them.
Hunt Regional Medical Center Notifies Patients of Data Security Incident
Greenville – Hunt Memorial Hospital District (“Hunt”) has notified patients of a data security incident that took place last month.
On May 1, 2018, Hunt learned that an unauthorized user accessed its Home Health email system through the email account of an employee of Hunt Regional Home Health and sent an email to certain internal users of Hunt’s email system. Although email did not contain any patient protected health information, Hunt was unable to definitively rule out whether the unauthorized user otherwise accessed protected health information while in the system. By having access to the email system, it is possible that the unauthorized user could have had access to personal information of Hunt’s Home Health patients whose information was accessible by the Hunt employee whose email account was compromised. Hunt has reported this incident to the FBI and will fully cooperate with its investigation.
Hunt recently sent letters to those patients who may have been affected by this incident. Although there is no evidence indicating that patients are at risk for identity theft, the letters informed those patients that Hunt is offering them identity theft protection services through ID Experts® to provide them with MyIDCareTM. MyIDCare services include: Twelve months of credit monitoring, a $1,000,000 insurance reimbursement policy, exclusive educational materials, and fully managed ID theft recovery services. More information can be found in the letters provided to those patients who may have been affected.
A variety of administrative, physical, and technical security measures were in place prior to this incident. After the incident, Hunt has taken steps such as reviewing its policies and procedures and retraining our employees on the proper handling and protection of login credentials to prevent mistakes such as this from occurring in the future. Hunt continues to assess its privacy and security controls to prevent future breaches.
Hunt takes its patients’ privacy and the security of information very seriously and deeply regrets any inconvenience this incident may have caused. Patients should call (888) 813-7480 for assistance or with any additional questions.