LSU Health New Orleans Health Care Services Division experienced a cyber-attack into an employee's email account on Sept. 18 which left thousands of patient documents potentially accessible according to WAFB. The account was immediately suspended afterward.
Emails and attachments contained information about patients who received medical attention from the following hospitals: Lallie Kemp Regional Medical Center in Independence, Leonard J. Chabert Medical Center in Houma, W. O. Moss Regional Medical Center in Lake Charles, the former Earl K. Long Medical Center in Baton Rouge, Bogalusa Medical Center in Bogalusa, University Medical Center in Lafayette and Interim LSU Hospital in New Orleans.
Those who have received medical attention from the above hospital locations are advised to monitor their credit reports for possible identity thefts out of an abundance of caution.
Information that was potentially accessible at each location varied, but could have included the following: patients’ names, medical record numbers, account numbers, dates of birth, Social Security numbers, dates of service, types of services received, phone numbers, addresses and insurance identification numbers.
A few emails contained bank account numbers and health information including a diagnosis, but these instances were limited.
While it is not clear at this point if the hacker definitively had access to this information, it is possible.
Immediately after the cyber-attack was recognized as such, an investigation uncovered the source of the breach, and those impacted have been notified. The extent of the available information is also being investigated.
LSU Health Care Services Division is now looking into updating their security systems and implementing additional procedures to prevent another breach in the future.
Those concerned about identity theft can visit www.identitytheft.gov for a step-by-step process on how to identify and respond to threats.
Any questions concerning this matter can be directed to LSU Health Care Services Division’s Compliance and Privacy Department at 1-800-735-1185.