HIPAA Blog

[ Wednesday, October 09, 2013 ]

 

SLU Phishing Attack: Here's an interesting HIPAA breach that didn't start out that way.  St. Louis University was hit by a sophisticated (and apparently realistic) phishing attack that allowed a hacker to get access to email accounts and direct deposit information of a handful of SLU employees.  It seems the initial purpose of the phishing attack was to redirect direct deposits into the hackers' accounts.  Not a HIPAA issue, right?

Upon further review, conducted I'm sure by the inestimable HIPAAcrat Karen Pyatt, it was discovered that the hack also allowed access to a handful of email accounts that contained PHI of about 3000 SLU patients.  Mostly the PHI was diagnosis-related, but some Social Security numbers were there too.  The 3000 have been notified.

Hat tip: Malvern Group.

Jeff [11:01 AM]
