Thursday, September 3, 2020
A Notice to Our Patients
Roper St. Francis Healthcare values the privacy and confidentiality of our patients’ information. We have no indication that any of your information has been misused, but out of an abundance of caution, we want to advise you of a recent incident that may have involved some of your information. This notice describes the incident, outlines the measures we have taken in response, and sets forth steps you can take.
On July 8, we learned that an unauthorized individual gained access to an employee’s email account between June 13 and 17. We immediately took steps to secure the email account, began an internal investigation, and a leading forensic security firm was engaged to conduct a thorough investigation into the incident. The investigation determined that patient information, which may have included patients’ names, dates of birth, medical record or patient account numbers, and limited clinical and/or treatment information, such as providers’ names, diagnoses, and/or procedure information, may have been viewed by the unauthorized individual. In a limited number of instances, patients’ health insurance information and/or Social Security numbers were also included in the account.
This incident did not affect all Roper St. Francis Healthcare patients, but only those patients whose information was included in the employee’s email account.
As a precaution, we are mailing letters to patients whose information was identified in the account. We have also established a dedicated, toll-free call center to answer patients’ questions. If you have questions, please call 1-888-498-0916, Monday through Friday, from 9 a.m. to 6:30 p.m. Eastern Time. For those patients whose Social Security numbers were included in the email account, we are offering complimentary credit monitoring and identity protection services. We also recommend that affected patients review any statements they receive from their health insurers or healthcare providers. If patients see services they did not receive, they should contact the insurer or provider immediately.
We regret any concern or inconvenience this incident may cause. We remain committed to protecting the confidentiality and security of our patients’ information. To help prevent this from happening again, we are enhancing our email security and providing continued education to our staff on email protection.