Mountain View Hospital sends out notices to patients of possible stolen information
Published at | Updated at
IDAHO FALLS — Some patients of an area hospital as well as their sister hospital and partner clinics will receive notification letters to inform them their information may have been accessed or removed in a recent cyberattack.
Mountain View Hospital, Idaho Falls Community Hospital and its partner clinics have been working to address a cyberattack they came under between April 17 and May 29.
When the hospitals became aware of the incident, they blocked “the unauthorized party and immediately took steps to secure the systems and contain the incident,” hospital spokesperson Brian Ziel told EastIdahoNews.com.
The hospitals also launched an investigation of the incident, with the help of third-party forensics experts and the Federal Bureau of Investigation.
The investigation of the cyberattack revealed that, “certain files had been accessed or removed,” and the hospital initiated a review and analysis of those files to determine their contents.
“This process is time-intensive and is still ongoing,” Ziel said. “As that analysis identifies individuals whose information was contained in the files that may have been involved, we are working to gather current contact information for those individuals.”
On July 3, the hospitals announced that they had begun mailing the notification letters to patients whose information may have been involved in the cyberattack.
This information varies depending on the patient, but it may include some or all of the following, “names, contact information, demographic information, dates of birth, medical record numbers, patient account numbers, diagnosis and treatment information, prescription information, provider names, dates of service, facilities of service, and/or health insurance information.”
“Some patients may have also had Social Security numbers and/or driver’s license numbers involved,” Ziel said.
RELATED | Cyberattack on Mountain View Hospital still ongoing after two weeks
If someone receives a notification letter, they should review their statements from their health insurers. If they see services they did not receive, they should contact the insurer that issued the statement immediately. The hospitals are also offering complimentary credit monitoring and identity theft protection services to patients who may have had their social security numbers or driver’s licence numbers accessed or removed.
When asked whether the hospitals would be able to refund everyone who may have been charged for fraudulent services, Ziel did not directly respond.
“MVH and IFCH care deeply about their communities and the patients they serve, and they take this incident very seriously,” Ziel said.
Ziel said the hospitals and partner clinics are mailing notification letters whose information has been identified so far.
“Those activities are being conducted as quickly and thoroughly as possible and will take time to complete,” Ziel said.
It’s unknown when or if information on suspects in the investigation will be made public.
“Given the ongoing nature of the investigation, we do not have any additional details to provide at this time, and we are not able to comment on any law enforcement investigation,” Ziel said.
Anyone looking for updates on the ongoing situation can find them on the MVH or IFCH website.