FLORA, Ill.—Authorities are investigating an email sent to a small Illinois hospital threatening to release patient data to the public unless the hospital paid the sender a substantial amount of money. The threat was emailed to Clay County Hospital Nov. 2, and the message contained protected health information of some clinic patients.
The hospital immediately notified law enforcement and launched an investigation to determine the source and scope of the incident. All affected patients were notified by mail on Monday.
The compromised data was limited to patients who visited a Clay County Hospital clinic on or before February 2012 and is limited to name, physical address, social security numbers and date of birth. No medical information was accessed or disclosed.
“Extensive reviews from outside forensic experts concluded that Clay County Hospital servers have not been hacked and remain secure due to the rigorous security program that meets the standards set by the HIPAA HITECH Act,” hospital officials said in a statement. “In order to prevent future incidents, Clay County Hospital is implementing extra internal security measures. These include additional logging systems and auditing features to track and control data access.”
Affected patients with questions regarding this incident can visit www.myidcare.com/claycounty or call 1-888-281-7040.