St. Luke’s Health reported a data breach involving almost 17,000 patients, as a result of a hack into a third-party vendor’s email system. Two employees of the vendor had their email accounts hacked which lead to the breach of personally identifiable information, diagnoses, and other elements of PHI.
It is vital to ensure that third-party vendors who have access to your PHI/PII are fully vetted from a HIPAA Security & Privacy perspective.