Information Regarding An Incident Potentially Affecting Patient Information

Hillcrest Medical Center (“HMC”) has recently notified certain individuals of an incident involving some of their personal information.

The incident relates to a phishing email that was sent to an HMC employee and allowed an external agent to temporarily access the employee’s web-based email account.  HMC became aware of this access on December 14, 2017 and immediately disabled any unauthorized access to the employee’s email account.  Our IT support team also conducted an investigation into the issue with the assistance of an outside data security firm, and determined that the unauthorized agent had accessed several emails. Because the HMC employee had access to patient information as necessary to perform her job functions, we determined that the external agent could potentially have accessed patient information as a result of this incident. The emails could have contained the following: patient first and last name, medical record number, insurance identification number, insurance type/name, date of service, date of birth, address, telephone number, and in some instances billing codes corresponding to the services received. The emails did not contain any credit card information.

We are taking steps to avoid any future similar incidents.  In addition to the investigation that has been completed, we are providing re-training to employees regarding vigilance towards suspicious emails. As an additional precaution, to reduce the risk of fraud or identity theft, we are offering affected individuals a one-year membership in Experian’s® IdentityWorksSM at no cost.

We encourage individuals to take precautions to protect the security of their personal information. We recommend that individuals remain vigilant to prevent identity theft and fraud by monitoring credit reports and financial institution and other account statements.  Individuals may place fraud alerts on credit reports and to alert potential creditors or lenders of potential fraudulent activity related to the use of personal information.  They may do so by contacting credit reporting agencies.

HMC takes information security and privacy very seriously.  We are not able to confirm that any information was accessed by an unauthorized agent, but that it could have been.  We deeply regret this situation and any inconvenience this may cause. 

To Find Out More Information

Individuals can contact us at 800-722-4919 to find out whether their information was affected in this incident, as well as to learn more information about the credit monitoring services offered through Experian.