BATON ROUGE, La. (WVUE) - LSU Health New Orleans Health Care Services Division said it became aware of a cyber intrusion into an employee’s electronic mailbox.
Email messages or attachments contained limited information about patients who received care at Lallie Kemp Regional Medical Center in Independence; Leonard J. Chabert Medical Center in Houma; W. O. Moss Regional Medical Center in Lake Charles; and the former Earl K. Long Medical Center in Baton Rouge; Bogalusa Medical Center in Bogalusa; University Medical Center in Lafayette; and Interim LSU Hospital in New Orleans.
It is possible that this information was accessible.
The school thinks there was a possible intrusion around and the mailbox access was discovered and disabled on Sept. 18. The Health Care Services Division is not aware that the intruder actually accessed or misused the patient information in the employee’s mailbox, according to the school.
LSU Health Care Services Division is currently investigating the time frame of the patient information that may have been accessed.
When the intrusion was discovered, an investigation began and people impacted were warned about the breach.
The type and amount of patient information varied by location of care and each email message but may have included: patients’ names; medical record numbers; account numbers; dates of birth; Social Security numbers; dates of service; types of services received; phone numbers; and/or addresses; and insurance identification numbers.
A few contained a patient’s bank account number and health information including a diagnosis. In most instances, there was limited information in the email or attachment, meaning that just a few of these identifiers were contained in the email.
Out of an abundance of caution, patients who received care at the above hospitals are encouraged to monitor their credit reports for potential identity theft. The website www.identitytheft.gov provides a step-by-step process to respond to, and recover from, incidents of identity theft.
LSU Health Care Services Division sincerely regrets any inconvenience or concern this incident may cause affected patients. Although strict privacy and security policies were in place at the time of the intrusion, security practices and procedures as well as additional available methods for protecting the email system are being reviewed to determine if improvements can be made to further reduce the risk of such a breach in the future. Any changes will be included in the information security training that all employees are required to complete.
Any questions concerning this matter should be directed to LSU Health Care Services Division’s Compliance and Privacy Department at 1-800-735-1185. Please leave your name and a phone number where you can be reached. Your calls will be returned as soon as possible.
Copyright 2020 WVUE. All rights reserved.