Legacy Health announced on Aug. 20 that it is mailing letters to patients whose information may have been involved in a recent phishing incident.
On June 21, 2018, Legacy Health learned an unauthorized third party may have gained access to some employees’ email accounts in May 2018. Officials at Legacy Health immediately began an investigation, including hiring a leading third party forensic firm to assist them.
The investigation determined that some patient information may have been contained in the affected email accounts, and may have included patients’ names, dates of birth, health insurance information, billing information, medical information regarding care they received at Legacy Health and, in some cases, social security numbers and driver’s license information.
Notification letters will be sent to any patient whose information may have been involved.
Legacy Health has no indication that any patient information has been misused and not all of Legacy Health’s patients were affected by this incident. Legacy Health is offering credit monitoring to the individuals whose social security numbers were contained within the email accounts. Legacy Health officials recommend its patients review the statements they receive. If they see services they did not authorize, please contact the provider immediately.
“We deeply regret any concern or inconvenience this may cause our patients,” a news release from Legacy stated. “Legacy Health values the privacy and confidentiality of our patients’ information. To help prevent something like this from happening in the future, Legacy Health is implementing additional access restrictions.”
Legacy Health has established a dedicated call center to answer questions for patients at 1-888-277-6762, 6 a.m.-5 p.m. Pacific Time, Monday through Friday.