Jan. 5, 2022
As we make progress in our recovery since the cybersecurity incident on Dec. 17, we wanted to provide another update on the status of Capital Region Medical Center services. Throughout this process we have focused on continuing to provide the care our patients expect, and we are proud of the work of our staff who made that possible in recent weeks.
While some services remain impacted, we have made significant progress on restoring systems. Our website is back online, including access to the patient portal and online bill pay.
There is still more work to be done, and our IT staff is working diligently to bring systems back online safely and securely.
The investigation into the incident is ongoing and in the early stages; however, at this time we have indication some individuals’ personal and health information was accessed by an unauthorized third party. We are in the process of reviewing files to determine whose and what specific information was accessed and will notify any individuals in accordance with applicable law.
In the meantime, we encourage patients and employees to be vigilant in reviewing their account statements for unusual activity.
We have provided a short FAQ below with more information. If you have further questions about the incident or for administrative support, we have set up a call center that is available between 8:00 a.m. and 5:30 p.m. Central, Monday through Friday at 855-618-3184.
We appreciate the patience and support of our staff and patients, and will post future updates on this site.
Early on Friday, Dec. 17th, Capital Region Medical Center (CRMC) experienced a disruption to our network systems. Upon discovering the disruption, we promptly disabled our network as a security measure, initiated an investigation into the incident, and a third-party cybersecurity firm was engaged to assist.
What types of data does CRMC have?
As a healthcare provider, CRMC is required to keep some records due to legal and regulatory reasons, which could include health information of patients and employee personal information. We take our responsibility to protect personal data seriously and will continue to take all appropriate measures. If we determine that personal or health information was accessed, we will notify those individuals in accordance with applicable law.
Is my data at risk?
The investigation into the incident is ongoing, and we have indications that some individuals’ personal and health information was accessed or viewed by an unauthorized third party. We are in the process of reviewing files to determine whose and what specific info was accessed and will notify those individuals in accordance with applicable law.
If I think my personal/health information was impacted, what should I do?
We encourage our patients and employees to consider taking the following steps:
- Remain vigilant – Review your account statements and free credit reports.
- Review your health statements – Review the statements you receive from your healthcare provider and health insurer. If you see any medical services that you did not receive, please call the provider or insurer immediately.
- Consider placing a fraud alert or security freeze on your credit file – Credit bureaus have tools you can use to protect your credit, including fraud alerts and security freezes.
- Report suspicious activity – If you believe you are the victim of fraud or identity theft, file a police report and get a copy of the report to submit to your creditors and others who may require proof of a crime to clear up your records. The report may also provide you with access to services that are free to identity theft victims.
Will you let me know if I am impacted?
We are reviewing files to determine whose and what specific info was accessed and will notify those individuals in accordance with applicable law. In the meantime, we encourage individuals to remain vigilant by reviewing their account statements and free credit reports.