SC: Roper St. Francis notifying patients after employees fall for phishing attack
Roper St. Francis posted the following notice on their web site on January 29:
Roper St. Francis Healthcare values the privacy and confidentiality of our patients’ information. Regrettably, this notice is regarding a recent incident that may have involved some of your information.
On November 30, 2018, we learned that an unauthorized actor may have gained access to some employees’ email accounts between November 15 and December 1, 2018. We immediately took steps to secure the email account and began an investigation, which included hiring a leading third party forensic firm. Our investigation determined that some patient information may have been contained in the email accounts, patients’ names, medical record numbers, information about services they received from Roper St. Francis, health insurance information, and, in some cases, Social Security numbers and financial information.
We have no indication that any patient information has been misused. As a precaution, for those patients whose Social Security number was affected, we are offering complimentary credit monitoring and identity protection services. We advise all patients affected to review the statements they receive from their healthcare providers. If they see services they did not receive, please contact the provider immediately.
We began mailing letters to affected patients on January 25, 2019 and have established a dedicated call center to answer any questions patients may have. If you believe you were affected by this incident and do not receive a letter by February 20, 2019, please call 1-877-231-1926, Monday through Friday, 9 a.m. to 9 p.m., Monday through Friday.
We apologize for any inconvenience or concern this incident may cause you. To help prevent something like this from happening again, we are continuing education with our staff on email protection and enhancing our email security.
Note: Two site are reporting that 13 employees fell for the attack, but neither site provides a source for that statement.