Intermountain Healthcare provides notice of data security event
July 19, 2021
LAS VEGAS, July 16, 2021 /PRNewswire/ -- Today, Intermountain Healthcare issued notice of a recent data security event that potentially affected the confidentiality of information related to certain patients.
On or about May 17, 2021, Intermountain Healthcare received notice from Elekta, its business associate, that a server with some data relating to Intermountain Healthcare's patients was affected in a data security incident that impacted certain Elekta systems. Elekta reported on or around April 6, 2021, that it had been the victim of a data security incident. On May 17, 2021, Elekta confirmed that this incident resulted in certain PHI stored on the impacted systems becoming accessible to unauthorized person(s) between April 6, 2021 and April 20, 2021. Upon receiving this notification, Intermountain Healthcare immediately worked with Elekta and others to confirm the nature and scope of the data at issue, including whether and how it related to patients of Intermountain Healthcare.
This incident only impacted four Intermountain Healthcare specialty clinics located in southern Nevada that use Elekta's cloud-based clinical care management system for patient care related purposes. Intermountain facilities in Utah or Idaho were not affected. Intermountain's system-wide records were not affected.
Unfortunately, Intermountain Healthcare cannot confirm if any specific information related to the impacted individuals was actually accessed or viewed by an unauthorized person as a result of the Elekta incident. However, Elekta's investigation determined that the data present on their impacted systems at the time of the incident included patient's name and scanned image files. The scanned image files could have included medical images, and information on medical intake forms. The patients may have provided their Social Security number, date of birth, demographic information, insurance card, and other identification cards. Patients' financial account and payment card information was not involved. At this time, there is no evidence or reports that information has been misused.
Intermountain Healthcare is notifying potentially affected individuals by this posting and by mailing letters to potentially affected individuals. Intermountain Healthcare also notified federal and state government regulators. Elekta is offering free credit monitoring and identity restoration services to those affected by this incident. For individuals seeking additional information regarding this incident, a dedicated toll-free assistance line has been established. Individuals may call the assistance line at 866-281-0520 Monday through Friday (excluding U.S. holidays), during the hours of 9:00 a.m. to 11:00 p.m., Eastern Standard Time, and Saturday and Sunday, during the hours of 11:00 a.m. to 8:00 p.m., Eastern Standard Time. Please provide the engagement code, B015985.
Intermountain Healthcare takes this incident and the security of the information in their care very seriously. Elekta migrated Intermountain Healthcare's data to a new-generation cloud system as part of Elekta's commitment to safeguarding customer data. As part of Intermountain's ongoing commitment to protect the information in our care, Intermountain is working to review our existing policies and procedures as they pertain to third-party vendors and working with Elekta to evaluate additional measures and safeguards to better protect against this type of incident in the future. Intermountain Healthcare deeply regrets that this matter occurred and sincerely apologizes for any inconvenience or concern it may have caused.
SOURCE Intermountain Healthcare