Menu
Browse

Cyber Incident Victim: Saint Agnes Medical Center

Date:

Jan 2021

Location:

United States of America

Summary

Saint Agnes Medical Center experienced a cybersecurity incident that began when an employee’s email account at its sister hospital, St. Alphonsus Health System, was compromised and used to send phishing messages seeking login credentials. The compromised account also facilitated the distribution of breach‑notification letters that contained a mail‑merge error, causing some recipients to be incorrectly identified as deceased or minors.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 1 motive 1 technique
Threat Actors Type Location
0 actors Available to members Available to members

Description

Saint Agnes Medical Center experienced a cybersecurity incident that originated with its sister hospital, Saint Alphonsus Health System, which is based in Oregon and Idaho. According to a media release from Saint Agnes, an employee of Saint Alphonsus had their email account compromised by an unauthorized user. The attacker used the compromised employee account to send phishing emails in an attempt to obtain login IDs and passwords from January 4 through January 6. This activity was described as the initial step in the security event that later affected Saint Agnes.

Cyber Incident Image

Following the discovery of the compromised email account, Saint Alphonsus initiated breach notification procedures to inform patients about the email security event. During the generation of the notification letters, a mail merge error occurred that resulted in some letters incorrectly labeling recipients as deceased or as minors. Consequently, certain Treasure Valley residents received letters stating that they were dead, which added confusion and distress to the notification process. Saint Alphonsus explained that the mail merge issue created an incorrect status for some patients when the letters were produced.

Saint Agnes Medical Center issued a media release regarding the incident and later published a press release on March 4 detailing the situation. Saint Alphonsus characterized the episode as involving both a compromised email account and a vendor error, noting that it was not a great month for the hospital. The narrative presented here reflects only the facts provided in the source articles, covering the sequence of events, the attacker’s actions, the detection and response actions, and the resulting impacts on affected individuals.

Sources
Sources available to members
2 sources