A health data breach at Saint Louis University (SLU) affected 3,000 patients. A few SLU employees received a phishing scam email and gave out their account information by mistake.
About 20 SLU email accounts were accessed by the phishing culprits. These email accounts had protected health information (PHI) of about 3,000 people and about 200 Social Security numbers as well. According to the spokesman, employees’ financial information was the main target of the scam. And while no unauthorized financial transactions occurred, 10 employees changed their direct deposit information.
Affected students were offered one year of free credit monitoring and identity theft protection and restoration.
The University discovered that some SLU employees provided their account information in response to a sophisticated phishing email scam they received.
A full-scale investigation was started immediately after the University learnt about the incident. Employees who were targeted by the email scam were notified, and their accounts were secured. While about 10 employees had direct deposit information changed, no unauthorized financial transactions occurred.
It appeared that the main target of this scam must have been the direct deposit information of these employees. However, during the investigation, the University learned that the incident also resulted in unauthorized access to about 20 SLU email accounts, which contained the personal health information of approximately 3,000 individuals. This was mostly limited to diagnosis, procedure and medical chart information. The email accounts also contained the names and Social Security numbers of about 200 people. At present, there is no evidence to suggest that anyone accessed any of the personal information in the emails.
All individuals whose information was in the email accounts affected by the incident are being notified by the University. SLU has also notified law enforcement officials and has engaged the services of a global leader to avoid such incidents in future.
The University is providing the affected individuals with one year of free continuous credit monitoring and identity theft protection and restoration. Instructions for signing up for these free services are enclosed in the notification letters.
Get your personal as well as office laptops encrypted by Alertsec
Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.
Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.