Roper St. Francis Healthcare Phishing Attack Impacts Approximately 190,000 People

Feb 3, 2021

Roper St. Francis Healthcare has contacted 189,761 patients to make them aware that a portion of their protected health information was contained in staff email accounts to which access was illegally obtained.

In late October 2020 the email security breach was first noticed. Upon further investigation it was discovered that three email accounts were illegally accessed at some point between October 14 and October 29, 2020.

An investigation into the impacted email accounts was carried out to ascertain what range of information was potentially accessed. It was not possible to determine if patient information was viewed or downloaded, although the hacker would have been able to view names, medical record information, patient account details, dates of birth, and some treatment/clinical data. The email accounts also held the health insurance information and Social Security numbers of a small group of patients.

Roper St. Francis Healthcare has offered free credit monitoring and identity theft protection services to those whose Social Security number may have been compromised. Measures have been implemented to enhance email security, and employees have been provided with further training on email security in order to avoid breaches like this occurring going forward.

New York Center for Alternative Sentencing and Employment Services Reports Email Incident

The Center for Alternative Sentencing and Employment Services (CASES) in New York has identified a security breach where the email accounts of certain employees have been accessed illegally. Hackers had access to the email accounts between July 6 and October 4, 2020.

An investigation of the breach showed the hackers stole emails from the accounts that included patient data. Measures have been put in place to enhance email security, and the workforce has received additional security awareness training and HIPAA training.

Einstein Healthcare Network Issues More Notifications About August 2020 Email Security Breach

Einstein Healthcare Network is alerting patients about a cybersecurity breach that was identified during summer 2020. The Pennsylvania-based healthcare provider, which manages medical clinics in Philadelphia, Elkins Park, and East Norriton, discovered unusual email account activity on August 10, 2020. The incident was reviewed and it was determined that multiple employee email accounts had been viewed by an unauthorized person between August 5, 2020 and August 17, 2020.

A review of the impacted email accounts was carried out to determine whether they contained any patient information. The review showed emails and attachments contained the following range of patient data: names, dates of birth, medical record data, patient account numbers, diagnoses, medications, provider names, type of treatment, and where treatment was administered. The types of information in the accounts varied from patient to patient, and for some patients also included Social Security numbers and health insurance data.

It could not be determined whether the unauthorized individual saw or removed patient data while they had access to the email accounts. Einstein Healthcare Network issued a batch of breach notification letters to individuals potentially impacted by the incident starting on October 9, 2020. The breach was made known to the HHS’ Office for Civil Rights the same day. The OCR breach portal lists the incident as impacting 1,821 patients.

The Einstein Healthcare Network’s substitute breach notice stated: “We continued our investigation, which concluded on November 16, 2020, and additional letters are mailing between January 21, 2021 and February 8, 2021.”



Patrick Kennedy
