sight Sturtz reports: Oswego health has notified an unspecified number of patients about a potential leak of personal info via an employee email account earlier this year. In a letter sent to affected patients, Oswego Health said it had discovered potential unauthorized access to an employee email account between June 11 and June 15. The letter was dated Sept. 30, 2020, but officials did not elaborate on when or how the potential leak was discovered. It took them 3 1/2 months to inquire and notify a breach related to one employee’s email account? i know the pandemic affected a batch of things, but this is significantly beyond the 60 day window in HIPAA for notification. a transgress was first reported on Becker’s on June 17. Becker’s reported that ‘The email account of an employee at Oswego (N.Y.) Health was compromised June 16 by someone not associated with the health system. The hacker used the employee’s account to send an email containing a link to a possibly malicious site. Its case demarcation read “[secure] pt # 18337.”‘ It is not clear, but it is likely that may make been related to the report that an employee’s email account was compromised between June 11- 15. DataBreaches.net had written to Oswego health to try information over the summer, but they had never responded. There does not appear to be any notice on their web site as of the time of this publication and there is no incident listed on HHS’s public breach tool as of the time of this publication. This post may live updated if more information becomes available. Read more on Oswego County tidings Now.