Friday, January 8, 2021
A Notice to Our Patients
Roper St. Francis Healthcare values the privacy and confidentiality of our patients’ information. While we have no indication that any patient information has been misused, out of an abundance of caution, we wanted to advise of a recent incident that may have involved some of that information. This notice describes the incident, outlines the measures we have taken in response, and sets forth steps you can take.
On Nov. 11, we learned that an unauthorized individual gained access to three employees’ email accounts between Oct. 14 and 29. We immediately took steps to secure the email accounts, began an internal review, and hired a forensic security firm to conduct a thorough investigation into the incident. On Dec. 18, the investigation determined that patient information, which may have included patients’ names, dates of birth, medical records or patient account numbers, and limited clinical and/or treatment information, such as dates of service, locations of service, providers’ names, or billing information, may have been accessed or viewed by the unauthorized individual. In a limited number of instances, patients’ health insurance information and/or Social Security numbers were also identified in the accounts.
This incident did not affect all RSFH patients, but only those patients whose information was included in the three employees’ email accounts involved in this incident.
As a precaution, we are mailing letters to patients whose information was identified in the accounts. We have also established a dedicated, toll-free call center to answer patients’ questions. If you have questions, please call 1-888-498-0916 Monday through Friday, from 9 a.m. to 6:30 p.m. Eastern Standard Time. For those patients whose Social Security numbers were identified in the email accounts, we are offering complimentary credit monitoring and identity protection services. We also recommend that affected patients review any statements they receive from their health insurers or healthcare providers. If patients see services they did not receive, they should contact the insurer or provider immediately.
We regret any concern or inconvenience this incident may cause. We remain committed to protecting the confidentiality and security of our patients’ information. To help prevent this from happening again, we are enhancing our email security and providing continued education to our staff on email protection.