Memorial Health System Alerts Patients About Possible Data Breach | News, Sports, Jobs
MARIETTA — The personal information of more than 200,000 people may have been accessed in a cyberattack on the Memorial Health System last year, though officials say there’s no indication of identity theft or unauthorized use of the data has taken place.
Memorial patients whose personal medical information, social security number, account number or date of birth might have been accessed recently received letters informing them of the situation. The letter indicates that the recipient’s information was present in systems to which a “unauthorized actor” from July 10 to August 15 approximately.
“While the thorough investigation with FBI and cybersecurity teams indicates no reason to suspect that there has been any fraudulent use or public disclosure of patient information associated with this incident, we are notifying patients whose information MAY have been accessed during the breach”, Jennifer Offenberger, associate vice president, service excellence, for Memorial said via email Thursday. “The health and safety of our patients is essential to who we are, and that includes protecting patient privacy and safety.”
A hotline for patients to call with questions or concerns is available at 855-545-2370 from 9 a.m. to 6:30 p.m. Monday through Friday. Memorial also offers a free credit monitoring service, with enrollment instructions included with the letters.
Malware was identified in Memorial’s system on Aug. 14 and an investigation was immediately launched, Offenberger said. On August 18, Memorial Health System CEO Scott Cantley announced that a deal had been reached, with the help of the FBI and the system’s insurance company, and that they would be able to unlock their servers after the ransomware attack.
In mid-September, the letter says, it was determined that a “An unauthorized actor may have accessed or acquired information from systems potentially containing patient information.
On Nov. 1, a review had determined the extent of the information at risk and that potentially impacted, Offenberger said.
“We have spent time since then confirming the patients, the types of information involved and the best contact details,” she said.
A total of 216,470 people were identified in the database, Offenberger said.
The review was completed on December 9. On Jan. 4, a notice was posted on the Memorial Health System website and letters were sent to those affected, she said.
Memorial continues to work with law enforcement, including the FBI, to identify and prosecute those responsible for the attack, Offenberger said.
“MHS has strict security measures in place to protect the information in our possession, and we have worked to add other technical safeguards to our environment,” she said. “Since the attack, we have further tightened the security of our electronic health record to prevent another cybersecurity event from happening again, with a strong focus on education.”
Evan Bevins can be reached at [email protected]