Hackers hit the University of Vermont Health Network

• Elizabethtown Community Hospital suffered a data breach as one of their employee’s email account was remotely accessed by an unauthorized user.
• The hospital confirmed that the data breach did not involve the hospital’s computer networks or electronic medical records.

The University of Vermont Health Network – Elizabethtown Community Hospital suffered a data breach. One of the healthcare organization’s employee’s email account was remotely accessed by an unauthorized user.

The healthcare center is notifying 32,000 potentially-affected patients and confirmed that it will offer free credit and identity theft monitoring service for 1,200 individuals, whose Social Security Numbers were included in the email account.

What happened?

The Elizabethtown Community Hospital has acknowledged the data breach in its website on 17, December 2018. The Hospital confirmed that the incident took place on October 9, 2018, and that it became aware of the incident on October 18, 2018.

The healthcare center conducted a 60-days investigation whic revealed that the breach caused no fraud or identity theft to any patient. The organization also confirmed that the data breach did not involve the hospital’s computer networks or electrical medical records.

“We are very sorry this has happened. We take seriously our responsibility to protect the privacy and confidentiality of the personal information of our patients and employees,” Elizabeth Community Hospital said.

What was compromised?

The compromised email account included patients’ private data such as names, dates of birth, addresses, limited medical information, billing information, medical record numbers, dates of service and a brief summary of the services provided. The email account also contained the Social Security numbers of some individuals.

What preventive measures were taken?

The hospital has taken the following preventive measures in order to prevent such incident from happening in the future:

• Implementing enhanced security features.
• Changing passwords.
• Enhancing the security of their email system.
• Educating employees to assure the protection of their patients’ information.

“While we haven’t determined that any individual record was accessed, we are taking a broad approach in notifying anyone who could possibly be affected by this incident so they can take proactive measures to protect their information. Through our ongoing investigation, it’s possible that we’ll find that fewer individuals were affected,” Elizabethtown Community Hospital said.