Notice of a Data Incident

Posted 1/31/2020

Hospital Sisters Health System (“HSHS”) recently became aware that an unauthorized third party may have potentially accessed some HSHS employees’ e-mail accounts from August 6, 2019 to August 9, 2019.  Upon learning of the incident, HSHS promptly launched an internal investigation, changed the passwords for the affected e-mail accounts, and retained a leading forensic security firm to assist in its investigation.  Additionally, HSHS reviewed the context of the affected email accounts to determine if the accounts contained any personal information and/or protected health information.  Additionally, HSHS has already taken measures to help prevent this type of incident from occurring in the future.  

On December 2, 2019, HSHS determined that the e-mail accounts contained certain of its patients’ personal information including patients’ names, dates of birth, limited clinical information, and, in some instances, health insurance information, Social Security numbers or driver’s license numbers. 

On January 31, 2020, HSHS sent written notification to all potentially impacted individuals for whom we have contact information, and have arranged for complimentary identity theft protection services for those individuals whose Social Security numbers and/or driver’s license numbers were affected.  If you do not receive written notification from us, but you are a patient or employee of HSHS, or otherwise believe you could have been impacted by this situation, please contact us at the toll-free inquiry line below.  
 
Affected individuals should refer to the notice they will receive in the mail regarding steps they can take to protect themselves.  In general, we recommend, as a precautionary measure, that individuals remain vigilant to protect against potential fraud and/or identity theft by, among other things, reviewing their account statements and monitoring credit reports closely.  If individuals detect any suspicious activity on an account, they should promptly notify the financial institution or company with which the account is maintained.  They should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities, including the police and their state’s attorney general.

You may also wish to review the tips provided by the FTC on fraud alerts, security/credit freezes and steps that you can take to avoid identity theft.  For more information and to contact the FTC, please visit www.ftc.gov/idtheft or call 1-877-ID-THEFT (1-877-438-4338).  You may also contact the FTC at: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.

HSHS apologizes for any inconvenience or concern that this incident might cause the affected individuals.  Additional information is available via a confidential, toll-free inquiry line at 1-844-902-2031 between 8:00 a.m. and 5:30 p.m., Central Time, Monday through Friday.
Notice of Nondiscrimination: English
Language Assistance: Español | Hmoob | Deutsch Français | 
繁體中文
 | Deitsch | Polski | العربية | Русский | Italiano | Tagalog | हिंदी  | ພາສາລາວ | 한국어 | Tiếng Việt | اُردُو