Black River Medical Center has become aware of a potential data security incident that may have resulted in the inadvertent exposure of some patients’ personal information. Although at this time there is no evidence that patient information was actually accessed or viewed, or any indication that anyone’s information was actually misused, we have taken steps to notify any patients who may have been affected by this incident. This includes sending letters to anyone whose information might have been exposed.
On April 23, 2018, we discovered that an employee’s email account was compromised as the result of a phishing attack. Our IT department immediately commenced an investigation to determine whether sensitive information in the account was at risk. The investigation determined that an unknown, unauthorized third party gained access to the employee’s email account and could have viewed or accessed the information contained therein, which included patients’ names, addresses and phone numbers, and in certain instances, limited treatment information. Fortunately, Social Security numbers or financial / billing information were not involved in this incident.
At this time, there is no evidence that the unauthorized party actually accessed or viewedany patient information in the email account, and we are not aware of any misuse of patient information. Notification letters mailed on June 13, 2018, include additional information about what occurred and a toll-free number that patients can call to learn more about the incident. The call center is available Monday through Friday from 8:00 AM and 7:00 PM Central, and can be reached at 1-800-939-4170.
The privacy and protection of patient information is a top priority for Black River Medical Center, which regrets any inconvenience or concern this incident may cause.
For more information, please visit this website.