Sabine County Hospital (SCH) experienced a security incident in February that may have exposed patient information maintained by the hospital and clinic.
On February 12, 2025, SCH discovered that an employee’s email account had been accessed by an unauthorized individual or entity. The initial investigation revealed that the account was used to send a fraudulent invoice to the hospital. This appears to be the primary objective of the breach.
A thorough and lengthy audit of the compromised account revealed that patient information, contained in internal logs and reports, was present within some of the emails. There is no evidence suggesting that any of this information was accessed or misused. However, out of an abundance of caution, the hospital has started mailing letters to patients whose information was potentially exposed. A breach notice will also be filed with the Office of Civil Rights.
In many cases, the information in question was limited to the patient’s name, date of service and service received. In other cases, more detailed demographic information such as patient address, date of birth and gender, and clinical information such as symptoms and diagnosis were included. In a limited number of cases, more detailed clinical information regarding tests and treatment, and financial information, such as Social Security number, Medicare number, insurance carrier, and payments made, could also have been viewed.
While the risk of exposure of this information appears very low, the hospital suggests that anyone concerned may wish to take the steps listed on the Federal Trade Commission (FTC) site to protect their identity and reduce any anxiety.