A breach of an employee’s email account in November has potentially exposed the information of thousands of patients at Louisiana State University medical centers.
The hack possibly affects patients cared for at Lallie Kemp Regional Medical Center, Leonard J. Chabert Medical Center, W.O. Moss Regional Medical Center, the former Earl K. Long Medical Center, Bogalusa Medical Center, University Medical Center, and Interim LSU Hospital, according to WAFB9 News
LSU Health says that “it is possible that this information was accessible” but maintains that it is not aware “that the intruder accessed or misused” any information within the electronic mailbox. "When the intrusion was discovered, the LSU Health Care services division’s compliance and privacy department began the difficult and laborious process of identifying any patients whose information may have been compromised. While the exhaustive investigation has found thousands of patients, work continues to discover any others."
The breach was discovered on September 18, with the mailbox disabled the same day.
The type and amount of information varied by care location, and each email message but may have included patients’ names, medical record numbers, account numbers, date of birth, social security number, dates of service, types of services received, phone numbers, and/or addresses, and insurance identification numbers. A few messages contained a patient’s bank account number and health information, including a diagnosis.
Those who received care at any of these facilities are encouraged to monitor their credit reports for potential identity theft. LSU is currently investigating the matter and reviewing its security practices to see if they can be improved to further reduce the risk of a breach in the future. Any changes will be incorporated into information security training required for all employees.