SLU Phishing Attack: Here's an interesting HIPAA breach that didn't start out that way.  St. Louis University was hit by a sophisticated (and apparently realistic) phishing attack that allowed a hacker to get access to email accounts and direct deposit information of a handful of SLU employees.  It seems the initial aim of the phishing attack was to redirect direct deposits into the hackers' accounts.  Not a HIPAA issue, right?

Upon further review, conducted, I'm sure, by the inestimable HIPAAcrat Karen Pyatt, it was discovered that the hack also allowed access to a handful of email accounts that contained PHI of about 3000 SLU patients.  Mostly the PHI was diagnosis-related, but some Social Security numbers were there too.  The 3000 have been notified.

