Saint Agnes Health Care Inc. Data Breach (2015)

Hackers accessed personal information of about 25,000 patients at Saint Agnes Health Care Inc. The breach resulted from an email phishing incident that targeted employee email accounts to access protected health information. The Baltimore health system on Monday said it sent letters to 25,000 individuals notifying them of the incident, which compromised at least one of the following personal details: name, date of birth, gender, medical record number, insurance information and limited clinical information. In four cases, patients' social security numbers were accessed. After discovering the problem, Saint Agnes shut down the email account's username and password and worked with computer forensics experts to analyze what information was affected. The health system said it is working with its email service provider to evaluate ways to enhance its security. Saint Agnes is offering free identity monitoring services for individuals affected by the breach.