BRYAN (February 4, 2014) St. Joseph Health System Tuesday reported a server breach that may have exposed information about more than about 405,000 former and current patients, employees and the beneficiaries of some employees.
The breach occurred between Dec. 16 and Dec. 18 and involved unauthorized access to a single server that contained patient and employee files, the health system said in a press release Tuesday.
Hackers operating from IP addresses from China and elsewhere breached the server, which contained patient and employee data for St. Joseph Regional Health Center in Bryan, Burleson St. Joseph Center, Madison St. Joseph Health Center, Grimes St. Joseph Health Center and St. Joseph Rehabilitation Center, the health system said.
The server was taken offline as soon as the incident was discovered and the health system “launched a thorough forensics investigation with national security and computer forensics experts,” the press release said.
“While it is possible that some information was taken, the forensics investigation has been unable to confirm this,” the press release said, and “ SJHS does not believe any of our former/current patients’, employees’ or their beneficiaries’ information is at further risk because of this incident.”
The exposed data included a combination of names, Social Security numbers, birth dates and possibly addresses, the press release said.
Medical information about affected patients and bank account information for some affected employees were also accessible, the press release said.
The health system has opened a confidential call center that’s open from 8 a.m. until 8 p.m. Monday through Saturday for those with questions.
The number is (855) 731-6011.
The health system will also offer free identity-theft protection services to affected patients and employees for one year as well as an opportunity to enroll in triple-bureau credit monitoring.