Idaho healthcare system suffers breach impacting more than 134,000 individuals
Saint Alphonsus Health System, a healthcare provider in Boise, Idaho, suffered a security breach that impacted 134,906 individuals, according to the Office for Civil Rights (OCR) breach portal.
In a security notice posted on its website, Saint Alphonsus said it became aware of unusual activity related to an employee email account on January 6. The ensuing investigation determined that the employee email account may have been subject to unauthorized access from January 4 to January 6. As soon as the activity was identified, the email account was secured and other measures were taken, including the re-training of employees to promote awareness of cyberattacks, according to Saint Alphonsus.
Saint Alphonsus emailed potentially impacted individuals to notify them of the information that may have been accessed during the breach. This information included:
- Address
- Billing information
- Date of birth
- Full name
- Medical record number
- Telephone
- Treatment information
The information may have included Social Security number or credit card number for a limited number of individuals, according to the security notice.
Saint Alphonsus is unaware of any misuse of the information, but the organization encouraged individuals to remain vigilant against identity theft and fraud by reviewing account statements, explanation of benefits, and credit reports.