Notice of Data Security Incident
Sturdy Memorial Hospital (“Sturdy”) is committed to protecting the confidentiality and security of the information we maintain. We recently identified and addressed a data security incident that involved some patient information.
On February 9, 2021, we identified a security incident that disrupted the operations of our IT systems. We immediately took steps to secure our systems, launched a thorough investigation with the assistance of a third-party forensic investigator, and notified law enforcement. Through our investigation, we determined that an unauthorized party gained access to some of our systems during the morning of February 9, 2021. Our systems were secured later that same day. In exchange for a ransom payment, we obtained assurances that the information acquired would not be further distributed and that it had been destroyed.
On April 21, 2021, our review and analysis of the files involved in the incident determined that information belonging to Sturdy patients was contained in the files. The analysis also determined that information associated with patients of certain other healthcare providers - with which Sturdy previously partnered for the coordination of patient care – was also involved in the incident, including Harbor Medical Associates, South Shore Medical Center, and providers affiliated with South Shore Physician Hospital Organization.
The information involved may have included names, contact information – including address and phone number, dates of birth, Social Security numbers, Driver’s License numbers or other government issued identification numbers, financial account numbers, routing numbers and/or bank names, credit card numbers and security codes, Medicare Health Insurance Claim numbers, medical history information, treatment or diagnosis information, procedure or diagnosis codes, prescription information, provider names, medical record numbers, Medicare/Medicaid numbers, health insurance information, and / or treatment cost information. Note that our electronic health record system was not involved in the incident
On May 28, 2021, we mailed notification letters to the individuals whose information may have been involved, recommending that they review the statements they receive from their healthcare providers and contact the relevant provider immediately if they see services they did not receive. For individuals whose financial account or credit card information may have been involved, we recommend that they review their financial statements for any unauthorized activity, and immediately report any such activity to their financial institution. Additionally, for eligible individuals whose Social Security numbers and/or Driver’s License numbers may have been involved, we are offering complimentary credit monitoring and identity protection services through Experian at no charge.
Sturdy takes this incident very seriously and sincerely regrets any concern this may cause. To help prevent future occurrences of this nature, we have implemented additional safeguards and technical security measures to further protect and monitor our systems. We have also established a dedicated call center to answer any question about the incident. The call center can be reached at 1-855-537-2087, Monday through Friday, between 9:00 AM and 6:30 PM, Eastern Time