[ Wednesday, October 09, 2013 ]


SLU Phishing Attack: Here's an interesting HIPAA breach that didn't start out that way.  St. Louis University was hit by a sophisticated (and apparently realistic) phishing attack that allowed a hacker to get access to email accounts and direct deposit information of a handful of SLU employees.  It seems the initial phishing attack was to redirect direct deposits into the hackers' accounts.  Not a HIPAA issue, right?

Upon further review, conducted I'm sure by the inestimable HIPAAcrat Karen Pyatt, it was discovered that the hack also allowed access to a handful of email accounts that contained PHI of about 3000 SLU patients.  Mostly the PHI was diagnosis-related, but some social security numbers were there too.  The 3000 have been notified.

Hat tip: Malvern Group.

Jeff [11:01 AM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template