On Sept. 18, Episcopal Health Services became aware of suspicious activity in employee email accounts. They immediately began an investigation to determine what happened and what information may have been affected. With the assistance of third party forensic investigators, they determined that certain employee email accounts were subject to unauthorized access between Aug. 28 and Oct. 5. These email accounts were then reviewed to determine whether they contained any protected health or personal information. On Nov. 1, Episcopal Health Services determined that the accounts subject to unauthorized access contained protected health information of certain individuals. Episcopal Health Services is not aware of any reported attempted or actual misuse of any personal information as a result of this event. The types of information contained within the potentially impacted emails are: Social Security number, date of birth, financial account information, medical history information, prescription information, medical record number, treatment or diagnosis information, and health insurance information or policy number. The types of information varied by individual.
On Nov. 15, Episcopal Health Services began mailing notice letters to individuals whose information was contained within the impacted accounts and for whom they had a postal address. Episcopal Health Services has offered potentially impacted individuals access to credit monitoring and identity theft protection services for one year without charge.
Episcopal Health Services encourages potentially impacted individuals to remain vigilant against incidents of identity theft and fraud, to review account statements, and to monitor their credit reports and explanation of benefits forms for suspicious activity. Episcopal Health Services is providing potentially impacted individuals with contact information for the three major credit reporting agencies, as well as providing advice on how to obtain free credit reports and how to place fraud alerts and security freezes on their credit files. Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report.
