The task? To create a press release for a fictional hospital whose computer systems have been breached. The objective was to communicate what action steps had been taken to secure patient data, to develop an avenue for communication with patients who might have been affected, and to assure stakeholders and the local community that the situation was being handled with transparency and integrity. In this case, there was no photo or media added, the pressing and serious nature of the subject precluded that approach.
For Immediate Release
St. Agatha’s Memorial Hospital Announces Electronic Medical Records Security Breach
The Woodlands, Texas – December 1, 2022 – St. Agatha’s Memorial Hospital announced that at 11:00 am today, it was discovered there was unauthorized access by an outside individual who obtained certain types of personal and health information which would be protected under the Health Insurance Portability and Accountability Act (HIPAA). The breach is specific to people who had been patients in their oncology program in the months June-August of this year, affecting approximately 750 individuals.
The largest category of information accessed was information on insurance, billing, and payment methods. This information also included personal data including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and, in some cases, medical record numbers, diagnoses, treatment care plans and other information used to provide treatment for oncology patients at the hospital. The hospital’s Director of Security, Jorge Fernandez, said today, “The security and confidentiality of private health information is critical to SAMH and addressing this breach so that it cannot happen again is my first priority. We understand that when dealing with a significant health crisis, the last thing a patient and their loved ones need to worry about is whether their privacy and personal data are at risk.”
Mr. Fernandez also revealed the action steps that are being taken by the hospital by the end of today, which include:
- Notifying the Federal Trade Commission, the Secretary of the U.S. Department of Health and Human Services, and all major credit bureaus
- Hiring a third-party cyber security firm, Houston-based Cyber Evidence, Inc to find and correct the configuration vulnerability that this individual exploited
- Working with federal law enforcement (the FBI) to identify the person(s) responsible
- Setting up a toll-free hotline and a page on the hospital’s website where individuals can reach out to the hospital with questions: 1-800-555-1212, (link here)
In addition to those most immediate action steps, plans are being developed to:
- Notify all patients whose information was potentially compromised, in accordance with Texas state law
- Provide support through aforementioned Cyber Evidence, Inc. for affected individuals to monitor their credit and provide identity theft protection and/or identity theft restoration services as needed
“While I am grateful that the security breach was discovered quickly, enabling us to go into immediate security measures to prevent a broader scope of damage, I am deeply sorry for what has happened,” said Dr. Elizabeth Davis, Senior Vice President of St. Agatha’s. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
About St. Agatha’s Memorial Hospital
Founded in The Woodlands in 1978, SAMH is a small hospital specializing in the treatment and support of women’ health, including care for gynecology, obstetrics, fertility, and diseases affecting the female reproductive system. St. Agatha’s was the recipient of the 2002 Carolyn Boone Lewis Equity of Care Award, whose “honorees demonstrate a high level of success in reducing health care disparities and promote diversity in leadership and staff within their organization” (American Hospital Association). The hospital is proud to have the highest number of female health care providers per capita in the state of Texas, and is dedicated to its mission of providing innovative, compassionate care for women’s bodies, minds, and spirits.
Contact Information:
St. Agatha’s Memorial Hospital
Kim Bryant, Public Information Officer
(713-298-5938)
kbryant@SAMH.org
###
Kimberly Bryant, MA 