Email Threatens to Release Illinois Clinic Patient Info

Sender wants Clay County Hospital to pay a ransom to prevent health information from being released to the public.
Published: December 17, 2014

FLORA, Ill.—Authorities are investigating an email sent to a small Illinois hospital threatening to release patient data to the public unless the hospital paid the sender a substantial amount of money. The threat was emailed to Clay County Hospital Nov. 2, and the message contained protected health information of some clinic patients.

The hospital immediately notified law enforcement and launched an investigation to determine the source and scope of the incident. All affected patients were notified by mail on Monday.

The compromised data was limited to patients who visited a Clay County Hospital clinic on or before February 2012 and is limited to name, physical address, social security numbers and date of birth. No medical information was accessed or disclosed.

“Extensive reviews from outside forensic experts concluded that Clay County Hospital servers have not been hacked and remain secure due to the rigorous security program that meets the standards set by the HIPAA HITECH Act,” hospital officials said in a statement. “In order to prevent future incidents, Clay County Hospital is implementing extra internal security measures. These include additional logging systems and auditing features to track and control data access.”

——Article Continues Below——

Get the latest industry news and research delivered directly to your inbox.

Affected patients with questions regarding this incident can visit www.myidcare.com/claycounty or call 1-888-281-7040.

Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series