GOSHEN — Goshen Health is addressing a security incident that involved the personal information of some of its patients, the health care network has announced.
Goshen Health, in a release issued Monday night, said it launched an internal investigation, notified individuals who may have been impacted and implemented additional security measures to prevent future occurrences.
According to the release, an unauthorized third party may have access the email accounts of two Goshen Health colleagues from approximately Aug. 2, 2018, to Aug. 13, 2018. At that time, however, it did not appear that notification to any patients was required, the organization said.
As Goshen continued to enhance its email security, it employed additional forensic tools and technology and retained outside forensic experts in November 2018 to re-evaluate the incident. There was no indication that any personal information was actually viewed or acquired by the unauthorized party. Nevertheless, as part of its investigation, an intensive search occurred for any personal information in the email accounts that could have been viewed.
On Aug. 1 this year, Goshen Health determined that the accounts contained some of its patients’ personal information. The type of information at issue varied for each individual, but may have included an individual’s name, address, date of birth, physician name, health insurance information, limited clinical information, Social Security number and driver’s license number.
The release did not indicate how many patients may have been affected.
On Monday, Goshen Health began sending written notifications to all potentially impacted individuals for whom it has contact information, and arranged for complimentary identity theft protection services for those individuals whose Social Security numbers and/or driver’s license numbers were involved in the incident.
Affected individuals are being asked to refer to the notice they will receive in the mail regarding steps they can take to protect themselves. As a precautionary measure, impacted individuals should remain vigilant to protect against potential fraud and/or identity theft by, among other things, reviewing their account statements and monitoring credit reports closely. If individuals detect any suspicious activity on an account, the network said, they should promptly notify the financial institution or company with which the account is maintained. They should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities, including the police and their state’s attorney general.
Affected individuals may also wish to review the tips provided by the Federal Trade Commission on fraud alerts, security/credit freezes and steps that they can take to avoid identity theft. More information is available at www.ftc.gov/idtheft or call 1-877-438-4338 (1-877-ID-THEFT). Affected individuals may also contact the FTC at: Federal Trade Commission, 600 Pennsylvania Ave., NW, Washington, DC 20580.
Upon learning of the incident, Goshen Health said it launched an internal investigation and changed the passwords for the two email accounts at issue. A leading forensic security firm was retained to assist in the investigation and to provide further training and assistance to all staff related to phishing email security awareness.
Officials apologized and said Goshen Health takes the security of personal information and patient information systems seriously.
Additional information is available at www.goshenhealth.com or via a confidential, toll-free inquiry line at 1-888-470-4111 between 8 a.m. and 5 p.m. Monday through Friday.
(0) comments
Welcome to the discussion.
Log In
Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
PLEASE TURN OFF YOUR CAPS LOCK.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.