LINDNER CENTER OF HOPE DISCLOSES EMAIL SECURITY INCIDENT
Lindner Center of HOPE (LCOH) is making patients aware of a recent data security incident. LCOH’s IT provider discovered that someone accessed the email account of one of our employees without authorization. Upon learning of the incident, the account was promptly secured to prevent further access. A forensic security firm was also retained to investigate and confirm security of our email and computer systems. The compromise was limited to one LCOH email account, which operates outside of and separate from our electronic medical record systems. The LCOH electronic medical record system was not breached.
A forensic investigation revealed that the unauthorized access lasted only a few hours on July 12, 2019, and at this point, we are not aware of any fraud or identity theft to any individual as a result of this incident. We also do not know if any personal information was ever actually viewed or acquired by the unauthorized party. Nevertheless, as part of its investigation, the IT vendor searched for any personal information in the email account that could have been viewed, and on January 13, 2020, it advised us that the account contained some personal information, including dates of service, provider names, and diagnostic, treatment, surgical and/or prescription information. A few individuals’ Social Security number or driver’s license number were also found in the account.
To help prevent something like this from happening in the future, we worked with our IT vendor to reset employee passwords, limit external email access, block access to malicious sites and IP addresses identified through the investigation of this incident, increase monitoring of network activity, add additional authentication measures for remote email access, and we continue to educate users on email security.
We have no indication that any patient information was actually viewed by the unauthorized person, or that it has been misused. However, out of an abundance of caution, we began mailing letters to affected patients on March 13, 2020. We recommend that our patients review any statements they receive from their healthcare providers and health insurers. If you see any services that you did not receive, please contact the provider or insurer immediately. For eligible patients whose Social Security number or driver’s license number was found in the email accounts, we are offering complimentary credit monitoring and identity protection services.
We deeply regret any inconvenience or concern this incident may cause. We have established a dedicated call center for patients to call with questions. If any patients have questions about this incident, please call 1-877-728-0077, Monday through Friday, 8 a.m. to 5 p.m. Eastern Time.