
Phishing emails blamed for St. John’s Riverside Hospital data breach


A phishing attack at St. John’s Riverside Hospital has exposed the sensitive information of at least 2,238 individuals.


What happened

According to Claim Depot, in September 2025, the hospital detected unauthorized access to a limited number of employee email accounts with the intention of spreading phishing emails and rerouting funds. Upon discovery, the hospital secured its systems by changing passwords, revoking session tokens, and resetting multifactor authentication (MFA). They also engaged with data security and privacy professionals to investigate the incident.


Going deeper

The investigation revealed that the breach exposed personally identifiable information (PII) and protected health information (PHI) of at least 2,238 individuals across the US. It also revealed that the data involved could include:

  • Name
  • Date of birth
  • Social Security number
  • Driver’s license or state identification number
  • Financial account number
  • Health insurance details
  • Medical condition information
  • Treatment provider name
  • Medical record number
  • Treatment cost information
  • Diagnosis or treatment information


What was said

According to the data breach notice, the hospital reassures affected individuals, noting that “There is no indication that personal information has been misused for the purposes of identity theft or fraud.” The breach notice further states that “Note that this describes general categories of information identified as present within the affected St. John’s Riverside Hospital accounts during the incident and includes categories that are not relevant to each individual whose information may have been present.”


Why it matters

According to Paubox, phishing is the leading cause of healthcare data breaches, serving as the primary entry point for more sophisticated attacks like ransomware and credential theft. A phishing operation recently taken down by Microsoft had targeted at least 20 healthcare organizations by stealing Microsoft 365 login details. These incidents demonstrate the widespread nature of phishing attacks and how easily attackers can exploit trusted tools, making strong email security and staff awareness essential.

The use of HIPAA compliant email services, like Paubox, can reduce the risk of phishing by providing encrypted, secure communication channels that protect sensitive information from being intercepted or accessed by unauthorized users. This adds an important layer of defense for healthcare organizations against email-based threats.


FAQs

What is phishing?

Phishing is a type of cyberattack where criminals use fake emails, text messages, or websites to trick people into sharing sensitive information, such as passwords, login details, or financial data.


What is the difference between PHI and PII?

PII is any information that can identify an individual, such as a name or Social Security number. On the other hand, PHI is a type of PII that relates specifically to a person’s health or healthcare and is protected under HIPAA.
