The good news is so far that there are no reports of anyone’s data being used yet..and let’s hope it stays that way. Normally we see a lot of 3rd party contractors at blame for many of what occurs in healthcare breaches but not this one apparently. The full press release can be read below. The IP addresses listed where the unauthorized access was gained were in China and elsewhere.
I remember I want to say it was about 3 years ago we had a data invasion here in Los Angeles from folks in China through the main internet connection in LA. It was weird as they penetrated and security experts just sat by and watched as there was not a lot they could do and after a short period those penetrating backed off and went home. It was a wild one and nobody had ever seen anything like it before.
The usual procedures are in place for a year’s worth of free credit monitoring. Once found the server was immediately taken offline. More than 400,000 patients and former and current employees files were subject to the breach. BD
St. Joseph Health System (SJHS), a not-for-profit integrated Catholic health care delivery system, confirmed that between Monday, December 16 and Wednesday, December 18, 2013, the organization experienced a data security attack in which certain parties gained unauthorized access to a single server containing patient and employee files on its computer system.
The unauthorized parties, operating from IP addresses in China and elsewhere, accessed a server storing patient and employee data for St. Joseph Regional Health Center, Burleson St. Joseph Center, Madison St. Joseph Health Center, Grimes St. Joseph Health Center and St. Joseph Rehabilitation Center.
The safety and security of our patients’ and employees’ personal information is very important to SJHS, and we regret any inconvenience or concern that this matter may have caused.
As soon as the incident was discovered, SJHS took the affected server offline and launched a thorough forensics investigation with national security and computer forensics experts.
The investigation, which is ongoing, confirmed that approximately 405,000 former and current patients’, employees’ and some employees’ beneficiaries’ information was accessible to the unauthorized parties.
While it is possible that some information was taken, the forensics investigation has been unable to confirm this. SJHS does not believe any of our former/current patients’, employees’ or their beneficiaries’ information is at further risk because of this incident.
The data that was accessible included a combination of affected individuals’ names, social security numbers, dates of birth, and possibly addresses.
For the affected patients, medical information was also accessible. For some of the affected employees, bank account information was also accessible.
Affected individuals whose information was accessible are receiving notification letters by mail in the coming days providing them information on this incident.
SJHS is dedicated to the privacy and safety of patient and employee information and deeply regrets any potential impact this incident could have.
Consistent with our values, we are diligently pursuing all avenues to protect the interests of the individuals we serve.
To further serve the individuals who may have been affected by this incident, St. Joseph will provide:
A confidential call center operating from 8:00 a.m. to 8:00 p.m. CST, Monday-Saturday. This call center will handle questions on this incident and identity protection, and can be reached at (855) 731-6011
Free identity protection services for one year to affected patients and employees.
The opportunity to enroll for free in triple-bureau credit monitoring to affected patients and employees.
To guard against something like this from happening again, St. Joseph is taking appropriate additional security measures to strengthen the security of its system.
SJHS encourages its current and former employees and patients to protect against possible identity theft or other financial loss by reviewing account statements and explanations of benefits statements for any unusual activity, notifying credit card companies of this notice, and monitoring credit reports.
Under U.S. law, everyone is entitled to one free credit report annually from each of the three major credit bureaus. To order a free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.
At no charge, individuals can also have these credit bureaus place a “fraud alert” on their files that alerts creditors to take additional steps to verify identity prior to granting credit.
Should an individual wish to place a fraud alert, or have questions regarding his/her credit report, please contact any one of the following agencies:
Equifax, P.O. Box 740241,
Atlanta, GA 30374, 800-685-1111, www.equifax.com;
Experian, P.O. Box 2104, Allen, TX 75013, 888-397-3742, www.experian.com;
TransUnion, P.O. Box 2000, Chester, PA 19022, 800-888-4213,
The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. To do so, or to identify steps one can take to avoid identity theft, the Federal Trade Commission can be reached at 600 Pennsylvania Avenue NW, Washington, D.C., 20580, or at www.ftc.gov/bcp/edu/microsites/idtheft/ or 1-877-IDTHEFT
(1-877-438-4338); TTY: 1-866-653-4261.
About St. Joseph Health System
As the longstanding leader in health care services across the Brazos Valley, St. Joseph Health System is based in Bryan, Texas, and serves as a Ministry of Sylvania Franciscan Health. St. Joseph Health System is a faith-based, not-for-profit health system established by the Sisters of St. Francis of Sylvania, Ohio in 1936 and has facilities in eight Brazos Valley counties (Austin, Brazos, Burleson, Grimes, Lee, Leon, Madison, Robertson and Washington) serving more than 325,000 residents.
The system has five hospitals, two long term care centers, more than a dozen physician clinic locations, a charitable foundation and has a designated Accountable Care Organization. St. Joseph has 2,600 Team Members serving in 20 locations across the Brazos Valley and is nationally recognized for its neurosciences and orthopedics programs. Its anchor facility, St. Joseph Regional Health Center in Bryan, is designated as a Level II Trauma Center, accredited as the highest level of Chest Pain Center in the Brazos Valley, and has received designation as a Primary Stroke Center.