Cedar Springs Hospital – Notice of Data Incident

health news

COLORADO SPRINGS, Colo., Dec. 9, 2020 /PRNewswire/ — Cedar Springs Hospital is providing notice of an incident that may affect the security of information relating to certain Cedar Springs Hospital patients.   

Cedar Springs Hospital recently received a request from its licensing agency, the Colorado Department of Public Health & Environment (“CDPHE”), for certain hospital records.  As a licensed healthcare provider, Cedar Springs Hospital is subject to periodic surveys by CDPHE and in connection with those surveys, the CDPHE is entitled to various hospital records, including, but not limited to, those containing patient health information.  In late October, in connection with a survey, the CDPHE requested Cedar Springs Hospital copy a number of records onto an external drive that CDPHE provided to the facility.  Cedar Springs Hospital complied with the request.  On October 28, 2020, CDPHE notified Cedar Springs Hospital that the surveyor misplaced the external device containing the documents. Cedar Springs Hospital learned at that time that, contrary to CDPHE’s policy, the external device that the CDPHE surveyor provided for use was not encrypted. CDPHE could not rule out the possibility that an unauthorized individual could access the information, if that individual obtained possession of the CDPHE external device. Cedar Springs Hospital immediately began investigating what patient-specific information had been copied onto the external device.  On November 9, 2020, Cedar Springs Hospital completed its review and confirmed the records that were downloaded to the external device which were provided to, and misplaced by, CDPHE. The investigation determined that the type of information provided to CDPHE included name, address, date of birth, Social Security Number, medical record number, patient identification number, health insurance information (including health insurance number), treatment history (including dates of treatment, treatment location, and treating physician), medical diagnosis information, and prescription information.

The confidentiality, privacy, and security of patient information is among Cedar Springs Hospital’s highest priorities, and Cedar Springs Hospital takes this incident very seriously.  Upon learning of this incident, Cedar Springs Hospital moved quickly to investigate and to identify the individuals whose information was potentially impacted.  Cedar Springs Hospital has strict policies and procedures in place to protect the information of patients in its care and is evaluating safeguards to prevent a similar event from occurring again. Cedar Springs Hospital is working with CDPHE to obtain additional information about the incident, including why CDPHE policy was not followed and why an unencrypted external device was utilized.  Cedar Springs Hospital is notifying individuals whose information may have been impacted by this incident and is providing general information on what they can do to protect their information. 

For additional questions, Cedar Springs Hospital has established a dedicated assistance line that may be reached at 800-686-4153 7:00 am to 7:00 pm Mountain Time Monday through Friday (excluding some U.S. national holidays). Individuals can also write to Cedar Springs Hospital Attn: Risk Department at 2135 Southgate Road, Colorado Springs, CO 80906.

Cedar Springs Hospital encourages individuals to remain vigilant against incidents of identity theft and fraud, to review account statements, and to monitor credit reports for suspicious activity.  Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus.  To order obtain a free credit report, individuals may visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228.  They may also contact the three major credit reporting agencies directly to request a free copy of their credit report.

The major consumer reporting agencies are listed below:

Individuals can also further educate themselves regarding identity theft, fraud alerts, security freezes, and the steps to take to protect information by contacting the consumer reporting agencies, the Federal Trade Commission, or their state Attorney General.

The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580, www.identitytheft.gov, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261.  Further information on how to file such a complaint can be found by way of the contact information listed above.  Individuals also have the right to file a police report if they ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, in general individuals will likely need to provide some proof they have been a victim.  Instances of known or suspected identity theft should also be reported to law enforcement and to the individual’s state Attorney General.

View original content:http://www.prnewswire.com/news-releases/cedar-springs-hospital–notice-of-data-incident-301189953.html

SOURCE Cedar Springs