Capital Region Medical Center (“CRMC”) is notifying individuals whose information may have been involved in a recent cybersecurity incident. This notice explains what happened and the steps CRMC is taking in response.
What Happened?
On Friday, December 17, 2021, CRMC experienced a disruption to our network systems. Immediately upon discovering the disruption, CRMC promptly disabled our network as a security measure, initiated an investigation into the incident, and a third-party cybersecurity firm was engaged to assist. Law enforcement was also notified, and on December 23, 2021, notice of the incident was provided to the public. The investigation concluded that an unauthorized third party gained access to files containing personal and health information.
What Information Was Involved?
Based on the investigation to date, while there is no indication that the electronic medical health record database was accessed, CRMC has determined that personal and health information relating to some patients was contained in files accessible to the unauthorized third party. Such information included first and last name, date of birth, full mailing address, medical information, and health insurance information. For some individuals, Social Security numbers, driver’s license numbers, and financial account information may have been accessed.
What is CRMC Doing in Response?
While there is no evidence of any instances of fraud or identity theft as a result of this incident, out of an abundance of caution, CRMC has begun notifying individuals whose information was involved and for whom CRMC has a valid mailing address to provide additional information and resources to help protect their information. For those individuals whose Social Security Numbers or driver’s license numbers were involved, CRMC is offering one year of credit monitoring at no cost. We also recommend that affected individuals review any statements they receive from their health care providers or health insurers. If you see any medical services that you did not receive, please call the provider or insurer immediately.
CRMC takes the privacy and confidentiality of the information it maintains seriously, and deeply regrets that this incident occurred and for any concern this may cause. CRMC continues to evaluate its security practices, and to help prevent something like this from happening again, CRMC will continue to identify opportunities to implement additional cybersecurity measures.
What You Can Do.
Remain vigilant – We encourage you to remain vigilant for fraud or identity theft by reviewing your account statements and free credit reports.
Review your health statements – Review the statements you receive from your healthcare provider and health insurer. If you see any medical services that you did not receive, please call the provider or insurer immediately.
Consider placing a fraud alert or security freeze on your credit file – Consumer reporting agencies have tools you can use to protect your credit, including fraud alerts and security freezes.
Report suspicious activity – If you believe you are the victim of fraud or identity theft, file a police report and get a copy of the report to submit to your creditors and others who may require proof of a crime to clear up your records. The report may also provide you with access to services that are free to identity theft victims.
For More Information.
CRMC has established an external call center dedicated to answering questions about this incident. The call center can be reached toll-free at 855-618-3184, Monday through Friday, between 8:00 a.m. and 5:30 p.m. CDT.