SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Hackers Break Into Server at St. Joseph Health System Putting 405,000 at Risk

Attack Exposes 405,000 Individuals at Texas Health Care Provider

Attack Exposes 405,000 Individuals at Texas Health Care Provider

St. Joseph Health System (SJHS), a Bryan, Texas-based not-for-profit health care provider, said on Tuesday that between Dec. 16 and Dec. 18, 2013, the organization experienced a data security attack which exposed patient and employee data stored on server.

According to the provider of health services, attacker(s) hacked into a server and accessed patient and employee data files from St. Joseph Regional Health Center, Burleson St. Joseph Health Center, Madison St. Joseph Health Center, Grimes St. Joseph Health Center and St. Joseph Rehabilitation Center.

The data accessible to attackers included a combination of names, social security numbers, dates of birth, and possibly addresses, the organization said. For the affected patients, medical information was also accessible, and for some employees, bank account information was exposed.

The attackers appeared to be operating from IP addresses in “China and elsewhere”, the organization said.

“As soon as the incident was discovered, SJHS took the affected server offline and launched a thorough forensics investigation with national security and computer forensics experts,” a statement explained. “The investigation, which is ongoing, confirmed that approximately 405,000 former and current patients’, employees’ and some employees’ beneficiaries’ information was accessible to the unauthorized parties.”

“While it is possible that some information was taken, the forensics investigation has been unable to confirm this,” the statement continued. “SJHS does not believe any of our former/current patients’, employees’ or their beneficiaries’ information is at further risk because of this incident.”

Affected individuals whose information was accessible are receiving notification letters by mail in the coming days providing them information on this incident.

Advertisement. Scroll to continue reading.

For individuals who may have been affected by the incident, SJHS said it would provide a confidential call center to handle questions related to the breach, along with free identity protection services for one year for affected patients and employees.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

More from

Latest News

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: Protecting Executives and Enterprises from Digital, Narrative and Physical Attacks
March 12, 2025

Join this in-depth briefing on how to protect executives and the enterprises they lead from the growing convergence of digital, narrative, and physical attacks.

Register

Webinar: Which Security Testing Approach is Right for You?
March 25, 2025

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Cybersecurity firm Absolute Security announced Harold Rivas as its new CISO.

Simon Forster has been named the new General Manager of DNS security firm Quad9.

Cybersecurity training company Immersive has named Mark Schmitz as its new CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.