Email breach at Perry County Memorial may have exposed patient data

A pair of employee email accounts at Perry County Memorial Hospital were reportedly accessed without authorization recently, potentially exposing private patient information of “some individuals,” according to the hospital.

A statement released Monday by the Perryville, Missouri, hospital said the email accounts were accessed on or about Aug. 23. The hospital is notifying individuals whose personal information may have been exposed.

“Fortunately, the incident was limited to only two employee email accounts,” according to the statement, which said the unauthorized email access did not affect the hospital’s overall medical, billing or human resources records systems.

There have been no reports of identity theft as a result of the incident, according to the hospital.

“PCMH promptly responded to this incident, changing passwords to block suspicious activity and unauthorized access,” the hospital said in its statement. “In an abundance of caution, outside technical experts were retained to help with investigating the incident in order to evaluate the full nature and scope of any potential access to ensure there was no access to individual personal information.”

The review, the hospital said, determined some data may have been compromised.

“To date, it appears the information potentially involved was full name, date of birth, diagnoses/diagnostic codes, internal patient account numbers, provider names and other health information,” the hospital said in its statement. “In a limited number of instances, Social Security numbers, Medicare/Medicaid numbers, and health insurance information may have been in the affected email accounts.”

While the hospital said it has no evidence any personal information has been used inappropriately, affected people should remain vigilant and monitor bank statements and credit reports carefully and report any discrepancies to law enforcement. Identity theft monitoring services are being provided to any individuals whose Social Security numbers were potentially divulged.

“PCMH values the safety and security of the data that it maintains and is continuing to take steps to enhance its security measures to help prevent something like this from happening in the future,” the hospital said in its statement.

The hospital has set up a toll-free call center, (888) 768-6008, to answer questions and concerns anyone might have about the incident, including whether their information was potentially affected. The line is staffed from 9 a.m. until 4 p.m. weekdays, excluding holidays, through mid-January.

Do you crave business news? Check out B Magazine, and the B Magazine email newsletter. Check it out at www.semissourian.com/newsletters to find out more.