What to do when your medical records have been hacked

Sebastian River Medical Center patients are among approximately 4.5 million people whose information was stolen in a cyber-attack on the computer network of SRMC’s parent company, Community Health Systems, earlier this year.

What can people do if their personal information has been surreptitiously accessed?

Apparently not much after the horse has been let out of the barn. The main thing seems to be to enroll in an identity theft program and monitor your credit reports to see if any unauthorized charges – or attempted charges – have been made in your name. At least in this case the hospital’s parent company has offered to pay for all that.

The attack is believed to have come from China, and obtained patients’ names, addresses, birthdates, phone numbers and Social Security numbers, but did not access medical, clinical, credit card or financial information.

The attack was confirmed on July 1, 2014, by the Franklin, Tennessee-based company, which owns, leases or operates 206 hospitals in 29 states.

This cyber-attack follows similar data security breaches that recently hit well known merchants like eBay and Target.

When asked for a comment from hospital CEO Kelly Enriquez, Director of Community Relations Angela Dickens responded, “We are not allowed to speak at the local level.”

She provided a statement from the company’s corporate office approved for local distribution which reads, in part, “We sincerely apologize for any concern or inconvenience this breach has caused and want to help any affected patients get access to free credit monitoring and identity theft protection services.”

The statement goes on to explain how to enroll in these programs.

All affected patients, including those at SRMC, have been sent notification letters explaining the breach and offering assistance.

Patients who call SRMC for further information are directed to call the toll-free 855-205-6851 number, which connects them with Kroll, “a leading provider of risk solutions, headquartered in New York, with offices in 26 companies,” according to Kroll’s website.

By following the prompts, patients can obtain details, and can also learn that Community Health Systems is “very sorry and takes responsibility” for the breach, and is taking security measures (in addition to those already in place) “to prevent future attacks of this nature,” which might not be much comfort, after the fact.

Medical records cyber-theft is increasing rapidly, the stolen information used by criminals to file fake insurance claims, obtain prescription medication or sell Social Security numbers.

Experts such as John Halamka, co-chair of the federal Health IT Standards Committee, consider the attack on CHS among the most sophisticated they’ve seen.

Affected individuals are advised to take advantage of the free credit monitoring and identity theft protection offered.

Comments are closed.