Cyber Incident Victim: Saltzer Health

Date:

May 2021

Location:

United States of America

Summary

Saltzer Health experienced unauthorized access to an employee email account, compromising the protected health information of 15,650 individuals. The exposed data included names, contact details, medical histories, diagnoses, treatment records, insurance information, and, for a limited subset of records, Social Security numbers and financial data. The investigation could not confirm whether data was exfiltrated. The organization secured the account promptly, engaged third-party specialists for investigation, and notified affected parties after completing a comprehensive review of the exposed information.

CIA Posture: Available to members
Motives: 2 motives
Tactics, Techniques & Procedures: 3 techniques
Threat Actor: 1 actor
Type: Available to members
Location: Available to members

Description

Saltzer Health, a healthcare provider based in Idaho, experienced a breach of its email environment that was identified on June 1, 2021. The unauthorized access occurred over an eight-day period between May 25, 2021, and June 1, 2021. Upon discovery, the organization immediately implemented measures to prevent further unauthorized access to the compromised email account. A subsequent investigation confirmed that an external actor had infiltrated the account during this timeframe. While investigators could not definitively determine whether patient information was accessed or exfiltrated during the breach, Saltzer Health engaged third-party specialists to conduct a comprehensive review of the account's contents. This forensic analysis, completed on September 21, 2021, verified that the email account contained protected health information belonging to 15,650 patients.

The compromised data included multiple categories of sensitive information: patient names, contact details, medical record numbers, patient identification numbers, driver's license or state identification numbers, medical histories, diagnoses, treatment details, physician information, prescription data, and health insurance information. A limited subset of records also contained Social Security numbers and financial account information. Following the completion of the forensic review, Saltzer Health initiated notification procedures by mailing letters to all affected individuals. The organization did not publicly disclose specific technical details regarding the breach mechanism or whether multi-factor authentication was in place for the compromised email account. No evidence of actual misuse of the exposed information was reported at the time of disclosure, though the breach investigation could not rule out potential access or theft of PHI during the unauthorized access period.
