Notice of Privacy Incident
A Notice to Our Patients
October 3, 2019
Artesia General Hospital (“AGH”) is committed to protecting the confidentiality and security of our patients’ information. Regrettably, this notice concerns an incident involving some of that information.
On August 5, 2019, an ongoing review of our systems identified evidence that malicious software was previously present on two AGH computers. Although the malicious software had already been removed by our security tools, we began an investigation, and a leading computer forensic firm was engaged to assist. Through the investigation, we determined that the malicious software may have collected some of the emails that were resident on the infected computers on the day the software was installed (April 3, 2019), and may have sent those emails to an unauthorized person. We conducted a comprehensive review of the emails and attachments the software may have collected. On September 10, 2019, we determined that one or more of those emails or attachments contained some patient information, which may have included patient names, dates of birth, medical record or patient account numbers, health insurance information, and treatment and/or clinical information, such as diagnoses, provider names, and prescription information. In limited instances, patients’ Social Security numbers were also included in the emails.
This incident affected only those patients who had information contained in the affected emails, not all AGH patients.
There is no evidence that any patient information has been misused. However, in an abundance of caution, we are mailing letters to patients whose information was identified in the affected emails. We have also established a dedicated, toll-free call center to answer questions for affected patients. If you have questions, please call 1-833-704-9389, Monday through Friday between 7:00 a.m. and 9:00 p.m., or Saturday/Sunday between 9:00 a.m. and 6:00 p.m. Mountain Time. For those patients whose Social Security number was contained in the emails or attachments, we are offering complimentary credit monitoring and identity protection services. We also recommend that affected patients review any statements they receive from their health insurers or healthcare providers. If they see services they did not receive, they should contact the insurer or provider immediately.
We regret any concern or inconvenience this incident may cause. We remain committed to protecting the confidentiality and security of our patients’ information. To help prevent something like this from happening in the future, we have reinforced education with our staff regarding how to identify and avoid suspicious emails and are making additional security enhancements.
A Notice to Our Patients
August 27, 2019
Artesia General Hospital (“AH”) is committed to protecting the confidentiality and security of our patients’ information. Regrettably, this notice concerns an incident involving some of that information.
We recently learned that unauthorized emails were being sent from an AH employee’s email account. We secured the account, began an investigation, and a leading computer forensic firm was engaged to assist. On June 28, 2019 the investigation determined that an unauthorized person accessed the account between June 11 and June 18, 2019. The investigation was not able to determine which emails or attachments, if any, were viewed by the unauthorized individual, so we conducted a comprehensive review of the emails and attachments in the account. The review identified some patient information in the account, which may have included patient names, dates of birth, medical record or patient account numbers, health insurance information, and limited treatment and/or clinical information, such as diagnosis, provider name, and dates of service. In some instances, patients’ Social Security numbers were also included in the account.
This incident did not affect all AH patients; but only those patients who had information contained in the affected email account.
There is no evidence that any patient information has been misused. However, in an abundance of caution, we are mailing letters to patients whose information was identified in the account. We have also established a dedicated toll-free call center to answer questions for affected patients. If you have questions, please call 1.855.347.6549, Monday through Friday between 7:00 a.m. and 7:00 p.m., or Saturday/Sunday between 9:00 a.m. and 6:00 p.m. Mountain Time. For those patients whose social security number was contained in the email account, we are offering complimentary credit monitoring and identity protection services. We also recommend that affected patients review any statements they receive from their health insurers or healthcare providers. If they see services they did not receive, they should contact the insurer or provider immediately.
We regret any concern or inconvenience this incident may cause. We remain committed to protecting the confidentiality and security of our patients’ information. To help prevent something like this from happening in the future, we have reinforced education with our staff regarding how to identify and avoid suspicious emails and are making additional security enhancements.