KBTX | Bryan & College Station, TX | Aggieland News

St. Joseph Health System Confirms Data Security Incident

More Video...

BRYAN, Texas St. Joseph Health System announced Tuesday that the personal data of more than 400,000 former and current patients, as well as some employees, was compromised during a cyber security attack.

This happened in mid-December but notifications are just now being mailed out.

News 3 looked into what happened and what you need to do if you think your personal information may have landed in the hands of criminals.

St. Joseph Healthcare officials say a server was hacked by IP addresses from China and elsewhere back on December 16th.

The personal information of some 405,000 past, and present patients as well as employees may have been compromised.

A small percentage of some employees bank information was also breached.

"For most people it's name, date of birth, and social security number, for some of them a little bit of medical information not their whole medical record," said Tim Ottinger, VP of Community Relations for St. Joseph Healthcare System.

Ottinger says they shut the server down within 48 hours and called in a forensics team to investigate.

The FBI also opened a case.

"The forensics investigation was inconclusive. We don't know that anything was taken," Ottinger said.

The breach affects people in the system over the past ten years not only in Bryan, but also Madison, Grimes, Burleson Counties and the St. Joseph Rehabilitation Center.

Ottinger says it took time to completely investigate before they went public. Those who may have been impacted were automatically signed up for identity protection for a year for free.

"I'll say on behalf of everybody at St. Joseph we really deeply regret the inconvenience and the concern this would cause anyone. We want to protect their information and do work to keep it secure," he said.

So far there have been no complaints of fraud or abuse.

If you have questions you can call the St. Joseph Call Center toll free at (855) 731-6011, from 8 A.M. To 8 PM everyday except Sunday.

St. Joseph officials also warn consumers to be on the lookout for scammers.

They also say they will not be sending out notifications by email, and warn you to be on the lookout for follow up scams.

Press Release From St. Joseph Healthcare System
From St. Joseph's website:

As part of our ongoing commitment to the privacy of our patients and their families, St. Joseph Health System (“SJHS”) based in Bryan, Texas, is informing individuals of an incident that may affect their personal information.

After you read this notice, if you have any questions please call the confidential call center by dialing, toll-free, (855) 731-6011, Monday through Saturday, 8:00 AM to 8:00 PM U.S. Central Time.

Si Usted prefiere hablar con alguien en Español sobre este asunto, por favor comuniquese con el centro confidencial de suporte al cliente, por llamada a (855) 731-6011.

Between Monday, December 16 and Wednesday, December 18, 2013, SJHS experienced a security attack in which hackers gained unauthorized access to one server on its computer system. SJHS acted quickly, shutting down access to the involved computer on December 18, and hiring national security and computer forensics experts to thoroughly investigate this matter.

Our investigation, which is ongoing, determined that this security attack may have resulted in unauthorized access to records for some SJHS patients, employees, and some employees’ beneficiaries. These records included names, social security numbers, dates of birth, and possibly addresses.

For the affected patients, medical information was also accessible. For some of the affected employees, bank account information was also accessible.

We are sorry for any trouble or concern that this may have caused our patients, employees and their families.

While it is possible that some information was accessed or taken, the forensics investigation has been unable to confirm this, which is why we are providing this notice.

The computer was shut down when we discovered the security attack on December 18, 2013, so we believe the potential risk to individuals’ information ended on that date.

SJHS is working with the United States Federal Bureau of Investigation, which is also looking into this incident. SJHS is providing written notice of this incident to affected individuals, to the U.S. Department of Health and Human Services, as well as to certain state and international regulators.

It is important to note that SJHS has received no reports that any of the personal information involved has been misused. We take this matter, and the security of our patients’, employees’, and employee beneficiaries’ personal information, very seriously. As a precaution, SJHS wants to assist individuals affected by this incident in protecting their identity, even though we are not aware of any misuse of the information, and we have been unable to determine whether any data was in fact taken. SJHS is offering affected individuals with access to one free year of identity protection services provided by AllClear. These identity protection services start on the date of this notice and can be used any time over the next 12 months.

To further protect individuals from identity theft or financial loss, we encourage patients, employees, and their families to remain vigilant, to review their account statements, and to monitor their credit reports and explanation of benefits forms for suspicious activity.

Individuals can also check their credit by obtaining a free credit report. Under U.S. law, individuals are entitled to one free credit report every year from each of the three major credit bureaus.

To order a free credit report, individuals should visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. Individuals may also write, call, or email the three major credit bureaus directly to ask for a free copy of their credit report. Additional information regarding how to contact the credit bureaus and how individuals may protect their identity is included below.

SJHS established a confidential inquiry line, staffed with professionals trained in identity and credit protection and restoration, and familiar with this incident. If individuals have any questions about this incident or this notice, or if individuals believe they may be victims of identity theft they should contact the call center.

Please know that we are taking steps that will prevent this from happening again in the future. We encourage affected individuals to take advantage of the free identity and credit protection services described above. SJHS remains committed to the security of personal information.

Sincerely,

Denise Goffney, Corporate Compliance Officer and Privacy Officer
St. Joseph Health System

The official news release is as follows:

MEDIA RELEASE
Hold for 1:30 PM Feb. 4

St. Joseph Health System Confirms Data Security Incident
Bryan, Texas – February 4, 2014 – St. Joseph Health System (SJHS), a not-for-profit integrated Catholic health care delivery system, confirmed that between Monday, December 16 and Wednesday, December 18, 2013, the organization experienced a data security attack
in which certain parties gained unauthorized access to a single server containing patient and employee files on its computer system.

The unauthorized parties, operating from IP addresses in China and elsewhere, accessed a server storing patient and employee data for St. Joseph Regional Health Center, Burleson St. Joseph Center, Madison St. Joseph Health Center, Grimes St. Joseph Health Center and St. Joseph Rehabilitation Center.

The safety and security of our patients’ and employees’ personal information is very important to SJHS, and we regret any inconvenience or concern that this matter may have caused.

As soon as the incident was discovered, SJHS took the affected server offline and launched a thorough forensics investigation with national security and computer forensics experts.

The investigation, which is ongoing, confirmed that approximately 405,000 former and current patients’, employees’ and some employees’ beneficiaries’ information was accessible to the
unauthorized parties.

While it is possible that some information was taken, the forensics investigation has been unable to confirm this. SJHS does not believe any of our former/current patients’, employees’ or their beneficiaries’ information is at further risk because of this incident.

The data that was accessible included a combination of affected individuals’ names, social security numbers, dates of birth, and possibly addresses.

For the affected patients, medical information was also accessible. For some of the affected employees, bank account information was also accessible.

Affected individuals whose information was accessible are receiving notification letters by mail in the coming days providing them information on this incident.

SJHS is dedicated to the privacy and safety of patient and employee information and deeply regrets any potential impact this incident could have.

Consistent with our values, we are diligently pursuing all avenues to protect the interests of the individuals we serve.
To further serve the individuals who may have been affected by this incident, St. Joseph will provide:
 A confidential call center operating from 8:00 a.m. to 8:00 p.m. CST, Monday-Saturday.

This call center will handle questions on this incident and identity protection, and can be reached at (855) 731-6011

Free identity protection services for one year to affected patients and employees.

The opportunity to enroll for free in triple-bureau credit monitoring to affected patients and employees.

To guard against something like this from happening again, St. Joseph is taking appropriate additional security measures to strengthen the security of its system.

SJHS encourages its current and former employees and patients to protect against possible identity theft or other financial loss by reviewing account statements and explanations of
benefits statements for any unusual activity, notifying credit card companies of this notice, and monitoring credit reports.

Under U.S. law, everyone is entitled to one free credit report annually
from each of the three major credit bureaus. To order a free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.

At no charge, individuals can also have these credit bureaus place a “fraud alert” on their files that alerts creditors to take additional steps to verify identity prior to granting credit.

Should an individual wish to place a fraud alert, or have questions regarding his/her credit report, please contact any one of the following agencies:

Equifax, P.O. Box 740241,
Atlanta, GA 30374, 800-685-1111, www.equifax.com;

Experian, P.O. Box 2104, Allen, TX 75013, 888-397-3742, www.experian.com;

TransUnion, P.O. Box 2000, Chester, PA 19022, 800-888-4213,
www.transunion.com.

The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. To do so, or to identify steps one can take to avoid
identity theft, the Federal Trade Commission can be reached at 600 Pennsylvania Avenue
NW, Washington, D.C., 20580, or at www.ftc.gov/bcp/edu/microsites/idtheft/ or 1-877-IDTHEFT
(1-877-438-4338); TTY: 1-866-653-4261.

About St. Joseph Health System
As the longstanding leader in health care services across the Brazos Valley, St. Joseph Health
System is based in Bryan, Texas, and serves as a Ministry of Sylvania Franciscan Health. St.
Joseph Health System is a faith-based, not-for-profit health system established by the Sisters
of St. Francis of Sylvania, Ohio in 1936 and has facilities in eight Brazos Valley counties
(Austin, Brazos, Burleson, Grimes, Lee, Leon, Madison, Robertson and Washington) serving
more than 325,000 residents.

The system has five hospitals, two long term care centers, more
than a dozen physician clinic locations, a charitable foundation and has a designated Accountable Care Organization. St. Joseph has 2,600 Team Members serving in 20 locations across the Brazos Valley and is nationally recognized for its neurosciences and orthopedics programs. Its anchor facility, St. Joseph Regional Health Center in Bryan, is designated as a Level II Trauma Center, accredited as the highest level of Chest Pain Center in the Brazos Valley, and has received designation as a Primary Stroke Center. For more information, visit:
http://www.st-joseph.org/


Join the Conversation!

To comment, the following rules must be followed:

  • No Obscenity, Profanity, Vulgarity, Racism or Violent Descriptions
  • No Negative Community Comparisons
  • No Fighting, Name-calling, Trolling or Personal Attacks
  • Multiple Accounts are Not Allowed
  • Stay on Story Topic

Comments may be monitored for inappropriate content, but the station is under no legal obligation to do so.
If you believe a comment violates the above rules, please use the Flagging Tool to alert a Moderator.
Flagging does not guarantee removal.

Multiple violations may result in account suspension.
Decisions to suspend or unsuspend accounts are made by Station Moderators.
Questions may be sent to comments@kbtx.com. Please provide detailed information.

powered by Disqus
KBTX-TV Channel 3 4141 E. 29th Street Bryan, TX 77802 Phone: (979) 846-7777 Fax: (979) 846-1490 News Fax: (979) 846-1888
Gray Television, Inc. - Copyright © 2002-2014 - Designed by Gray Digital Media - Powered by Clickability 243558231 - kbtx.com/a?a=243558231