Skip to main content

Advertisement

ADVERTISEMENT

News

Beacon Health Victim of Cyber Attack; Patient Information Exposed

Lincoln Wright

May 26—SOUTH BEND—Beacon Health Systems fell victim to a "sophisticated cyber attack," but the health agency says it hasn't found evidence of information being misused.

The breach allowed unauthorized individuals to gain access to Beacon employee email boxes, which exposed personal and protected health information of some individuals, including patients, according to a news release. Beacon began mailing letters to affected individuals Friday.

But Beacon, which oversees Memorial Hospital in South Bend and Elkhart General Hospital, said there "is no evidence of any actual or attempted misuse of personal or protected health information belonging to Beacon Health System patients."

The cyber attack was discovered in March, but the unauthorized access of emails began as early as November 2013, according to Beacon. The last date of access into any email box was Jan. 26, 2015. On May 1, after an extensive review of the attack, Beacon was advised that protected health information was contained in the affected emails.

"While there is no evidence that any sensitive information was actually viewed or removed from the email boxes, Beacon confirmed that patient information was located within certain email boxes," Beacon's news release read. "The majority of accessible information related only to patient name, doctor's name, internal patient ID number, and patient status (either active or inactive)."

The accessible information included: Social Security number, date of birth, driver's license number, diagnosis, date of service, and treatment and other medical record information, according to Beacon.

Beacon is providing affected individuals with access to one year of free identity and credit monitoring and restoration services, along with access to a confidential assistance line and an identity theft protection specialist. According to Beacon, it's also reviewing its policies and procedures and is implementing additional measures to prevent an incident like this from happening again.

Beacon is the most recent victim of an increasing number of cyber attacks on health care companies. In February, Indianapolis-based Anthem found hackers broke into a database storing information on 80 million people. The Blue Cross Blue Shield insurer said names, birth dates, email address, employment details, Social Security numbers, incomes and street addresses of people who were currently covered or have had coverage in the past were accessed.

Although Beacon says it has found no evidence of patient information is being misused, fraud experts urge people not to wait for notification to act. Instead, they recommend that people register for a credit freeze, also known as a security freeze, with the three credit reporting bureaus -- Equifax, Experian and TransUnion. That will prevent someone from taking out a line of credit in your name without your permission, but still allow you to use your credit cards. And it can be lifted at any time if you want to apply for a credit card or loan.

To place a credit freeze

To send a letter by certified mail, include the following information: full name, including middle initial and generation (Jr., Sr., etc.); Social Security number; complete addresses for the past five years; date of birth; a copy of a government-issued identification card; and one copy of a utility bill, bank or insurance statement. Michigan residents should also include either a $10 fee or a valid investigative or incident report of alleged theft or a complaint filed with a law enforcement agency.

  • Equifax Security Freeze: P.O. Box 105788, Atlanta, GA 30348; 800-685-1111; bit.ly/16zfMJo
  • Experian Security Freeze: P.O. Box 9554, Allen, TX 75013; 888-397-3742; bit.ly/1Adj178
  • TransUnion LLC Security Freeze: P.O. Box 2000, Chester, PA 19022-2000; 800-680-7289; www.transunion.com

Copyright 2015 - South Bend Tribune, Ind.

Advertisement

Advertisement

Advertisement