A Notice to Our Patients
Artesia General Hospital (“AH”) is committed to protecting the confidentiality and security of our patients’ information. Regrettably, this notice concerns an incident involving some of that information.
We recently learned that unauthorized emails were being sent from an AH employee’s email account. We secured the account, began an investigation, and a leading computer forensic firm was engaged to assist. On June 28, 2019 the investigation determined that an unauthorized person accessed the account between June 11 and June 18, 2019. The investigation was not able to determine which emails or attachments, if any, were viewed by the unauthorized individual, so we conducted a comprehensive review of the emails and attachments in the account. The review identified some patient information in the account, which may have included patient names, dates of birth, medical record or patient account numbers, health insurance information, and limited treatment and/or clinical information, such as diagnosis, provider name, and dates of service. In some instances, patients’ Social Security numbers were also included in the account.
This incident did not affect all AH patients; but only those patients who had information contained in the affected email account.
There is no evidence that any patient information has been misused. However, in an abundance of caution, we are mailing letters to patients whose information was identified in the account. We have also established a dedicated toll-free call center to answer questions for affected patients. If you have questions, please call 1.855.347.6549, Monday through Friday between 7:00 a.m. and 7:00 p.m., or Saturday/Sunday between 9:00 a.m. and 6:00 p.m. Mountain Time. For those patients whose social security number was contained in the email account, we are offering complimentary credit monitoring and identity protection services. We also recommend that affected patients review any statements they receive from their health insurers or healthcare providers. If they see services they did not receive, they should contact the insurer or provider immediately.
We regret any concern or inconvenience this incident may cause. We remain committed to protecting the confidentiality and security of our patients’ information. To help prevent something like this from happening in the future, we have reinforced education with our staff regarding how to identify and avoid suspicious emails and are making additional security enhancements.