A Notice to Our Patients about a Recent Server Security Incident
St. Peter’s Surgery & Endoscopy Center (the “Center”) takes the privacy and confidentiality of our patients’ information very seriously. Regrettably, this notice is to advise our patients of a server security incident that may have involved that information.
On January 8, 2018, we learned that an unauthorized third party gained access to our servers on that same day. We immediately took steps to secure the information on those servers and began an investigation. We have no evidence that any patient information was successfully accessed or used in any way. However, we were unable to definitively rule that out. For patients previously treated at the Center, their information was contained on the server in question and would have included patients’ names, dates of birth, addresses, dates of service, diagnosis codes, procedure codes, insurance information and, in some instances, Medicare information. For those patients without Medicare, social security numbers were not affected. There was NO banking or credit card information contained on the servers in question.
St. Peter’s Surgery & Endoscopy Center is an entity governed and operated separately from St. Peter’s Hospital and Albany Gastroenterology Consultants. This incident was limited to information on our servers and did not involve or affect any staff, servers or information at St. Peter’s Hospital, Albany Gastroenterology Consultants, or any other affiliated surgeons or healthcare organizations.
We mailed letters to affected patients on February 28, 2018. While we have no indication any information was accessed or misused, we recommend our patients check the statements they receive from their health insurer. If the patients see charges for services they did not receive, they should contact the health insurer immediately. For our Medicare patients, as a precaution, we are offering one year of free credit monitoring. If you believe you are affected and have not received a letter by March 21, 2018, please call 1-888-604-3385, Monday through Friday between 9:00 am and 9:00 pm Eastern Time.
We deeply regret any concern or inconvenience this may cause our patients. To help prevent the possibility of future computer security incidents, we are implementing even more stringent information security standards, increasing staff training, and investigating the purchase of additional and more elaborate anti-fraud and virus protection software.