Self Regional Healthcare is committed to protecting the confidentiality and security of our patients’ information. Regrettably, this notice concerns an incident involving some of that information.
On August 22, 2019, we learned that an unauthorized person gained access to an employee email account that contained patient information between July 18 and August 22, 2019. We ensured the account was secured, began an investigation, and a leading computer forensic firm was hired to assist. The investigation was unable to determine whether the unauthorized individual actually viewed any emails or attachments in the account. We reviewed emails and attachments in the account to identify patients whose information may have been accessible to the unauthorized person. Patient information was identified in the account, including patient names, dates of birth, patient account and/or medical record numbers, and clinical information, which may have included dates of service, diagnosis, procedure, and/or treatment information. For a small subset of patients, Social Security numbers and health insurance identification numbers were also found in the account.
We have no indication that any patient information was actually viewed by the unauthorized person, or that it has been misused. However, out of an abundance of caution, we mailed letters to affected patients on October 21, 2019, and have established a dedicated call center to answer questions that patients may have. If you believe you are affected but do not receive a letter by November 1, 2019, please call 1-844-996-1031, Monday through Friday, between 9:00a.m. and 6:30p.m. Eastern Time.
We recommend that our patients review the statements they receive from their healthcare providers and health insurers. If you see services that you did not receive, please contact the provider or insurer immediately. For eligible patients whose Social Security number or driver’s license number was found in the email account, we are offering complimentary credit monitoring and identity protection services.
We deeply regret any inconvenience or concern this incident may cause you. We continually evaluate and modify our practices to enhance the security and privacy of our patients’ information. To help prevent something like this from happening in the future, we are reinforcing employee training on privacy and security and are instituting additional security measures throughout the health system.