Notice to Our Patients of a Data Security Incident
St. Joseph’s/Candler (“SJ/C”) is committed to protecting the confidentiality and security of our patients’ information. This notice describes an incident that may have resulted in unauthorized access to patient and employee information. On June 17, 2021, SJ/C identified suspicious activity in its IT network. SJ/C immediately took steps to isolate and secure its systems, notified law enforcement, and launched an investigation with the assistance of cybersecurity firms. Through SJ/C’s investigation it was determined that the incident resulted in an unauthorized party gaining access to SJ/C’s IT network between the dates of December 18, 2020 and June 17, 2021. While in our IT network, the unauthorized party launched a ransomware attack that made files on our systems inaccessible.
The investigation further determined that the unauthorized party may have accessed files that contain information pertaining to SJ/C patients. We cannot rule out the possibility that, as a result of this incident, files containing some of your information may have been subject to unauthorized access. This information may have included patient names in combination with their address, date of birth, Social Security number, driver’s license number, patient account number, billing account number, financial information, health insurance plan member ID, medical record number, dates of service, provider names, and medical and clinical treatment information regarding care received from SJ/C.
Beginning on, August 10, 2021, SJ/C started mailing letters to individuals whose information may have been involved in the incident. We have also established a dedicated call center to answer questions about the incident. We are offering notified individuals complimentary credit monitoring and identity protection services. If you have questions, please call 855-623-1933, Monday through Friday, between 8:00 a.m. and 5:30 p.m., Eastern Time. We recommend that patients whose information may have been involved in this incident review the statements they receive from their health care providers. If they see services they did not receive, patients should contact the provider immediately.
We deeply regret any concern or inconvenience this incident may cause our patients. To help prevent something like this from happening again, we have implemented, and will continue to adopt, additional safeguards and technical security measures to further protect and monitor our systems.