St. Luke’s Health System, Ltd.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
St. Luke’s Health System, Ltd., based in Boise, Idaho, experienced a data breach involving Nuance Communications, a vendor that uses software made by Progress Software Corporation for file transfers related to clinical documentation services. The software in question, MOVEit Transfer, had a previously unknown vulnerability that was notified to Nuance by Progress Software on May 31, 2023. This vulnerability allowed an unauthorized third party to access and potentially take information from the MOVEit Transfer software[1].
As a result of this incident, personal health information (PHI) of approximately 4,679 patients of St. Luke’s may have been exposed. Nuance Communications took immediate steps to secure its systems and began an investigation. In August, after completing the investigation, Nuance informed St. Luke’s of the breach and the potential exposure of PHI. Nuance has since mailed letters directly to the impacted individuals to notify them of the breach[1].
St. Luke’s has emphasized that the privacy and safety of their patients are their highest priorities and, as such, they are offering complimentary identity theft protection services through IDX, a ZeroFox Company, to support the impacted individuals. Although there is no indication that any financial or payment information was compromised, nor is there evidence to suggest that the patient information has been misused, St. Luke’s is taking additional steps to support those affected[1].
Impacted individuals who received a letter from Nuance can contact Nuance’s toll-free call center for questions and additional information. St. Luke’s has expressed regret for the incident and any inconvenience it may have caused[1].
Citations:
- https://www.stlukesonline.org/blogs/st-lukes/notes-and-announcements/2023/sep/notice-of-vendor-data-breach
- https://www.kmvt.com/2022/07/27/st-lukes-suffers-data-breach-affecting-some-patients/
- https://www.kbtx.com/2024/01/11/nationwide-healthcare-data-breach-impacting-brazos-valley-patients/
- https://www.healthcareitnews.com/news/st-lukes-health-reports-data-beach
- https://www.hipaajournal.com/hipaa-violation-cases/
- https://boisedev.com/news/2022/07/27/st-lukes-data-breach/
- https://www.daytondailynews.com/business/mercy-health-patients-among-giant-data-breach-affecting-89-million-people-company-says/3C6AZ66GOVF2PJ6Z5247U22M5U/
- https://www.stlukesonline.org/blogs/st-lukes/notes-and-announcements/2023/apr/patient-privacy-notice
- https://www.scmagazine.com/news/healthcare-vendor-reports-breach-from-2021-at-least-9-providers-impacted
- https://healthitsecurity.com/news/st-lukes-health-suffers-third-party-data-breach-unrelated-to-commonspirit-attack
- https://www.ktvb.com/article/news/local/st-lukes-doctor-explains-aftermath-ammon-bundys-protests-affected-life-protests-baby-cyrus/277-80ec6de1-44df-4d2a-b01f-f5e4a395533c
- https://www.hipaajournal.com/st-lukes-health-reports-third-party-data-breach/
- https://www.fiercehealthcare.com/health-tech/commonspirit-health-reported-it-security-incident-affecting-facilities-wash-neb-and
- https://www.idstrong.com/sentinel/st-lukes-health-data-breach/
- https://www.securitymagazine.com/articles/99910-nuance-communications-announces-data-breach-affecting-healthcare