Sabine County Hospital reports email breach exposing patient data
Learn More
Sabine County Hospital in Hemphill, Texas, reports a breached employee's email account that occurred in February 2025, potentially compromising patient information.
The hospital discovered the breach on February 12, 2025, when investigators confirmed that the compromised email account had been used to send a fraudulent invoice to the organization.
The incident appears to have been caused by a phishing attack. The apparent primary objective was the sending of fraudulent invoices. Subsequent audit revealed that patient information contained in internal logs and reports was present within some of the accessed emails.
The exposed data includes:
- Patient names
- Dates of service
- Service details received
- Patient addresses
- Dates of birth
- Gender information
- Clinical information including symptoms and diagnoses
- Detailed clinical information regarding tests and treatment
- Social Security numbers
- Medicare numbers
- Insurance carrier information
- Payment and financial data
The number of affected individuals is not disclosed. The organization has also implemented staff education initiatives to help prevent future phishing incidents.
Affected patients have been advised to monitor their credit reports, consider implementing credit freezes, and watch for potential identity theft indicators. The hospital has provided contact information for patients with questions about the incident, directing them to reach privacy officer Stacey Ebarb at 409-787-5005 or toll-free at 1-855-730-6680.
