On March 13, 2018, letters were sent to patients notifying of an incident that occurred at HORNE, LLP (HORNE), a business associate of Forrest General Hospital (FGH). This incident could have resulted in an unauthorized disclosure of protected health information of certain FGH patients. HORNE has access to these individuals’ personal health information as part of services HORNE provides for FGH with certain Medicaid reimbursement services.
On November 1, 2017, HORNE discovered that the email account of one of its employees was sending phishing emails. HORNE immediately launched an internal investigation and determined that the employee was the victim of a phishing attack and that the email account had been subject to unauthorized access from October 31, 2017 to November 1, 2017. HORNE continued to investigate, with the assistance of a third party forensic investigator, to understand the nature and scope of the event, and whether any sensitive data was at risk. On November 20, 2017, the third party forensic investigator confirmed that certain emails within the employee’s email account were subject to unauthorized access. HORNE reviewed the emails to determine if any sensitive data was contained therein, and on November 27, 2017, HORNE confirmed that certain of the emails contained an attachment with protected health information of certain patients of FGH. HORNE notified FGH on December 5, 2017.
The data elements located within the attachment included some combination of the patients’ name, Medicaid identification number, date of birth, patient account number, dates of service and Social Security number. HORNE cannot confirm whether the unauthorized individual accessed or acquired the attachment, but because it cannot confirm this fact, HORNE is providing notice to the potentially affected patients.
Due to insufficient contact information, some patients whose information was included in the attachment may not have received a notification letter. If you have changed addresses and have not been a patient at FGH since that change of address and are concerned about possible unauthorized disclosure of information, you may contact the dedicated assistance line at 855-367-5405 (toll free), Monday through Friday, 8:00 a.m. to 8:00 p.m. C.S.T.
HORNE, on behalf of FGH, recommends contacting the three major credit card companies to check your financial information: Equifax (800) 525-6285, Experian (888) 397-3742, and TransUnion (800) 680-7289 and will offer free credit monitoring protection for one year for patients whose information was included in the attachment.
HORNE sincerely regrets any inconvenience this incident has caused.