CHARLESTON, SC (WCSC) - Roper St. Francis Healthcare officials are sending letters to patients whose information may have been affected by a recent phishing attack.
The facility discovered on Nov. 30, 2018, that someone may have gained unauthorized access to the email accounts of 13 employees between Nov. 15 and Dec. 1, according to spokesman Andy Lyons. The discovery was made after Roper employees received “phishing” emails, clicked on a provided link and offered their credentials, believing the requests to be legitimate, he said.
“The phishing attack did not affect Roper St. Francis Healthcare operations,” Lyons said in a release. “We immediately took steps to secure the email accounts and began investigating what occurred.”
Roper St. Francis hired a leading forensic security firm, who determined the employees’ email accounts contained some information, including patients’ names, medical record numbers, services received and health insurance.
“There is no indication any patient information has been misused, and our Electronic Medical Record was not accessed,” Lyons said.
Roper St. Francis is offering complimentary credit monitoring and identity protection services for 25 patients whose Social Security numbers and financial information were included in teammates' emails. We recommend all patients review the billing statements they receive from their healthcare providers. If there are services the patient did not receive, please contact the provider immediately.
To help prevent something like this from happening again, Roper St. Francis officials say they are enhancing their email security and continuing education with our staff on email protection.
Any patients who have questions can contact 1-877-231-1926, Monday through Friday, 9 a.m. to 9 p.m. Eastern Time.