Illinois hospital reports data blackmail

Clay County Hospital, a medium-sized hospital chain in the state, received an anonymous email on Nov. 2 that asked for "a substantial payment" to avoid patient data being released. The email included "protected health information" of some patients, it said Monday.

The hospital says it immediately notified law enforcement agencies.

An investigation discovered the data relates to patients who visited Clay County Hospital clinics on or before February 2012. A hospital representative declined to disclose how many people are involved but said the data is limited to their names, addresses, Social Security numbers and dates of birth. No medical information was compromised in the breach, they said.

The hospital believes the data has not been released so far. It didn't disclose how the data was obtained but said an audit by an outside expert concluded the hospital hadn't been hacked.

A recent report by the Identity Theft Report Center found that by early December there had been 304 breaches so far this year in the U.S. healthcare sector. That's 42 percent of the 720 breaches reported across the country. But, in part because of the massive breaches at major retailers, the entire healthcare sector only accounted for 9.7 percent of all records compromised in reported breaches so far in 2014.

The healthcare industry is more closely regulated than others, and federal regulations require the disclosure of breaches involving at least 500 people. Non-health corporations are not always held to the same standard, so the number of breaches reported is not necessarily comparable.

Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is martyn_williams@idg.com