Sacred Heart Health System recently sent letters to approximately 14,000 patients informing them of a hacking attack which targeted one of its third-party billing vendors. Specifically, hackers were able to use a deceptive technique known as a phishing attack to gain access to the e-mail account of an employee of the billing vendor.
The attack resulted in certain patient health information being compromised which included patient names, date of service, date of birth, diagnosis and procedure, total charges and physician name. Approximately 40 individuals' social security numbers were also compromised. However, the hackers did not gain access to patients’ medical records.
Upon receiving notice of the incident on Feb. 2, Sacred Heart, in cooperation with the billing vendor, immediately launched a thorough investigation into the matter. Sacred Heart engaged computer forensics experts who were able to conduct an analysis to help determine the scope of the incident and accurately identify all individuals affected.
"We value the privacy and security of patient information, and regret this unfortunate incident," said Genevieve Harper, Privacy Officer for Sacred Heart Health System." "It is our priority to support those who have been affected."
"We are taking the necessary and appropriate steps to prevent this type of incident from occurring in the future." Harper said. "Specifically, we are working with our billing vendor to ensure they are continually evaluating and modifying their practices to enhance the security and privacy of all confidential and/or sensitive information in their possession.”
Concerned individuals may wish to obtain a free credit report from each of the credit reporting bureaus – Equifax, Experian and TransUnion. The credit bureaus’ information is below:
Equifax 800-525-6285 www.equifax.com
Experian 888-397-3742 www.experian.com
TransUnion 800-680-7289 www.transunion.com
Identity monitoring and protection services will be offered free of charge as appropriate for individuals whose social security number has been affected by the incident.
Affected individuals may call 1-877-244-8984, Monday through Friday, 8 a.m. to 6 p.m. CST with questions.
This article originally appeared on Santa Rosa Press Gazette: Sacred Heart informs patients of phishing attack