Copyright © 2019 Albuquerque Journal
Presbyterian Healthcare Services reported a data breach that allowed unauthorized access to personal information belonging to around 183,000 patients and health plan members.
On Friday, Presbyterian began mailing letters to alert the members and patients affected by the breach.
Melanie Mozes, spokeswoman for Presbyterian, said the breach allowed access to names, dates of birth, Social Security numbers and other types of information after a Presbyterian employee responded to a “phishing” scam designed to gain access to private information. Mozes added that most of the victims were New Mexico residents.
She said the health care provider doesn’t believe any of the information has been used in any way. President and CEO Dale Maxwell said in a prepared statement that there is no evidence that hackers accessed electronic health record or billing information.
“At Presbyterian, we take the responsibility of protecting the privacy of our patients and members very seriously,” Maxwell said. “We deeply regret that this event occurred and are committed to taking steps to help prevent this type of incident from happening again.”
Presbyterian serves around 855,000 patients and members across New Mexico.
Phishing scams involve deceptive emails or text messages designed to trick users into giving scammers personal information, according to the Federal Trade Commission. Around May 9, Presbyterian employees fell victim to a deceptive email, allowing anonymous, unauthorized access to information normally protected by the health care provider.
Mozes said Presbyterian became aware of the incident on June 6, and responded by securing and reviewing the affected email accounts and letting federal law enforcement know about the data breach.
Jodi McGinnis Porter, director of communications for the New Mexico Human Services Department, confirmed that some of the residents impacted were Medicaid recipients, though she did not provide an estimate of how many were affected.
She added that the Human Services Department is encouraging Medicaid members who have been a member or who have received health care services through a Presbyterian provider to carefully review their health statements and verify that the information is correct.
“Identity theft is alive and real,” McGinnis Porter said.
In order to prevent future data breaches, Mozes said Presbyterian is adding additional security measures to protect its email system, which will complement its existing annual security training for employees.
Presbyterian is offering free credit monitoring and identity protection services for members. It has also established a dedicated call center to answer questions from impacted members. Members can call 833-297-6405 from 7 a.m. to 7 p.m., Monday through Friday.