Cyber Incident Victim: Seton Family of Hospitals
Date:
Dec 2014
Location:
United States of America
Summary
Seton Family of Hospitals experienced a phishing attack compromising an employee email account containing patient data, affecting approximately 39,000 individuals. Exposed information included names, addresses, dates of birth, genders, medical record numbers, insurance details, limited clinical information, and some Social Security numbers. The organization disabled the affected credentials, conducted a forensic investigation, collaborated with their email provider to bolster security, and provided additional employee training on phishing. Notifications were sent to all impacted patients, with identity monitoring services offered to those whose Social Security numbers were involved.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 4, 2014, a phishing attack compromised an employee email account at Texas-based Seton Family of Hospitals, exposing protected health information. The organization discovered through subsequent investigation that the breached account contained patient data, though the exact mechanism of unauthorized access wasn't detailed in public disclosures. Seton confirmed on February 26, 2015, that the compromised email account held personal information belonging to approximately 39,000 patients. The exposed data included names, addresses, dates of birth, gender markers, medical record numbers, insurance details, and limited clinical information, with Social Security numbers affected in some cases. While the attack vector was identified as phishing, no specifics about the malicious actors or their operational methods were disclosed by the healthcare provider.
Seton Family of Hospitals initiated response measures by immediately disabling the compromised username and password credentials following the breach discovery. The organization engaged computer forensics experts to conduct a comprehensive investigation that involved electronic analysis and manual review of affected emails to determine the incident's full scope. Between the December 2014 phishing incident and the February 2015 confirmation of compromised data, Seton worked to identify all impacted individuals. In April 2015, the healthcare provider began notifying all 39,000 affected patients and implemented additional security enhancements in collaboration with its email service provider. For patients whose Social Security numbers were exposed, Seton offered complimentary identity monitoring and protection services, while all notified individuals received information about the breach's nature and extent through official communications posted on the seton.net website. The organization also committed to reinforcing employee cybersecurity training programs with specific emphasis on phishing attack recognition and prevention.