May 6 — Ashtabula County Medical Center (“ACMC”) announced today that it has become aware that it inadvertently exposed the health information of a limited number of patients to the public in January, 2020. ACMC learned of this problem in March, 2020 and immediately removed the information from public view.
In compliance with a government requirement about medical cost disclosures, ACMC posted an Excel spreadsheet on its website on or around January 6, 2020, On March 12, 2020, ACMC discovered that the spreadsheet unintentionally included health information, such as name, diagnoses and health and treatment history of the listed patients. Financial and identification information (such as Social Security number) was not posted and not disclosed.
ACMC immediately contacted independent cyber security professionals to assist in protecting its patients and changed its procedures to prevent such disclosures in the future.
On April 28, 2020, ACMC notified potentially impacted individuals of this incident by letter and provided resources to help them protect their identities. The letters include information about this incident and what steps those individuals who had their information exposed can take to monitor and protect their information.
ACMC has established a toll-free call center to answer questions about the incident and related concern. The call center is available Monday through Friday from 8:00 a.m. to 8:00 p.m. Central Time and can be reached at 1-800-939-4170. In addition, out of an abundance of caution, ACMC offered, at no cost, identity protection services through ID Experts to individuals whose information was exposed.
ACMC is not aware of the misuse of any patient information resulting from this incident.
Ashtabula County Medical Center is a full service medical facility located at 2420 Lake Avenue, Ashtabula, Ohio 44004
SOURCE: Ashtabula County Medical Center