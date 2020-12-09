Monroe Surgical Hospital recently began notifying individuals of a service provider security incident that involved the personal information of some of its patients and customers.
Vantage Health Plan General Counsel Robert Bozeman signed a letter describing the incident earlier this week.
Monroe Surgical Hospital uses an IBERIABANK lock box service, which collects and processes payments from our patients and customers. In turn, IBERIABANK uses a third party, Technology Management Resources Inc. (TMR), to scan and process the payments and other pertinent payment data received in the lock box. Monroe Surgical Hospital has no relationship with TMR.
In July 2020, TMR discovered that a TMR employee’s user account had been compromised. Monroe Surgical Hospital received formal notice of this incident on Oct. 13, 2020 and began investigating.
TMR reported that when they discovered the incident, they immediately secured the account and began an investigation in consultation with external cyber-security professionals. TMR has stated that their investigation determined that the cyber-criminal, or threat actor, may have viewed images of checks and related images containing potential Protected Health information (PHI) related to patients of Monroe Surgical Hospital. According to TMR, the threat actor activity occurred between Aug. 5, 2018 and May 31, 2020, with the bulk of activity occurring between February and May 2020. TMR notified the FBI of this incident. This incident is believed to be part of a wider effort by an unknown cyber-criminal to attack TMR customers beyond IBERIABANK.
According to TMR, the investigation concluded that the threat actor potentially viewed images containing PHI within TMR’s application. The PHI on these images may have included certain patients’ names, addresses, dates of birth, patient and health insurance account numbers, procedure type, provider name and treatment cost information.
Any Monroe Surgical Hospital patients or customers who were impacted by this incident has or will receive a letter in the mail from IBERIABANK in the coming days.
Monroe Surgical Hospital officials say the company takes the privacy and security of our patients’ information very seriously. Fortunately, the hospital and its internal security and computer systems were not involved in this breach. IBERIABANK, however, is offering our affected patients and customers credit monitoring and identify theft protection through CyberScout in order to give peace of mind. Information regarding these services will be provided in the letter from IBERIABANK.
