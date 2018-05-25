CANTON, Ohio (WHBC) – There’s been a possible data breach at Aultman Health Foundation.
The Canton-based hospital system in a release say it has begun notifying some of its patients that their personal health information may have been compromised.
They say unknown individuals somehow got through security and accessed certain email accounts back in February and March.
Email accounts with the hospital, its doctor’s offices and AultWorks Occupational Medicine were impacted.
They say there’s no indication any of the information has been used inappropriately.
For patients concerned about their privacy, Aultman will open a dedicated assistance hotline next Tuesday at 855 804-8585.
Here’s the text of the press release from Aultman:
CANTON, Ohio, May 25, 2018 – Aultman Health Foundation has begun notifying some of its patients that their personal health information may have been compromised when unknown and unauthorized individuals bypassed existing security measures and accessed certain email accounts maintained by AultWorks Occupational Medicine, as well as email accounts containing information associated with some of Aultman’s physician practices and Aultman Hospital.
Officials at Aultman Health Foundation first learned of the incident on March 28 and immediately launched an investigation, which included bringing in outside forensic investigation specialists to conduct their own review. As a result of the forensic investigation, Aultman learned that unknown and unauthorized individuals accessed the compromised email accounts in February and March.
From the review, Aultman also determined that some patient information was included in the emails. The affected data varied but may have included personal information such as name, address and date of birth, as well as clinical information such as medical history, exam results, test results, medical record number and physician name. For some, but not all, patients, their Social Security number and/or driver’s license number may have also been included.
At this time, there is no indication that any of the information in the email accounts has been inappropriately used by anyone.
“We take patient privacy very seriously, so we deeply regret that this occurred,” said Tim Regula, vice president of compliance and audit, Aultman Health Foundation. According to Regula, the amount of data that could have been accessed for each patient varied. If a Social Security number or driver’s license was involved, Aultman will be offering credit monitoring services, provided at no charge. Aultman also has established a dedicated hotline that will open on Tuesday, May 29, which affected patients can use to ask questions and seek additional assistance.
As a precautionary measure, Regula urged everyone to take appropriate steps to protect their personal information by remaining vigilant to the possibility of fraud and identity theft by reviewing and monitoring their account statements, explanation of benefits (EOB) forms and free credit reports for any unauthorized activity. Aultman indicated that any unauthorized or suspicious activity should be reported immediately to the appropriate authorities, including law enforcement.
Aultman wants to make sure an incident like this does not happen again, Regula said, so it has taken a number of steps to change the way it stores and protects patient information and has enhanced its security procedures related to the use of email. Specifically, Aultman has reset account passwords and made them longer and more complex; added new security features to email accounts and strengthened security monitoring; and will continue to educate staff on how to avoid the methods that unauthorized individuals used to gain access to the emails. In addition, consistent with its compliance obligations and responsibilities, Aultman is providing notice of this incident to the U.S. Department of Health and Human Services.
“We understand that a threat to one’s personal data can be upsetting, and we apologize for this breach,” Regula said. “We are making it a top priority for our organization and are assigning resources and staff to this issue to help those patients affected by this incident. We want to make sure they to do everything they can to protect their personal information. If you have any questions about this incident, please call our dedicated assistance hotline, which opens Tuesday, May 29, at 855-804-8585.”