Presbyterian reports patient database breach
Breach affects Trigg Memorial Hospital in Tucumcari.
July 31, 2019
About 183,000 patients and health-plan members for Albuquerque-based Presbyterian Healthcare Services may have been affected by database breach in early May that came to light Thursday.
Presbyterian Healthcare operates nine hospitals, including Trigg Memorial Hospital in Tucumcari and Plains Regional Medical Center in Clovis, plus a statewide health plan and a medical group.
According to a news release Friday from Presbyterian, “unauthorized access was gained through a deceptive email to some of Presbyterian’s workforce members sometime around May 9, 2019. Presbyterian believes that the unauthorized access to these email accounts was part of a ‘phishing’ scam trying to get information. These email accounts included patient and/or health plan member names and might have contained dates of birth, Social Security numbers and clinical and/or health plan information.
“Once Presbyterian became aware of this incident, it secured these email accounts, began a thorough review of the impacted emails and alerted federal law enforcement,” the release stated.
Dale Maxwell, CEO of Presbyterian Healthcare Services, stated “we have no evidence indicating any patient or member data has been used in any way, and there was no access to our electronic health record or billing systems.”
Presbyterian stated that federal authorities were notified about the breach.
Maxwell also said in a statement about 183,000 patients and health-plan members may have been affected and “more may be identified and notified in the coming weeks.”
The breach came to light Thursday afternoon when Maxwell sent an email to the board of directors, trustees and other company officials. Clovis Media, a parent company of the Quay County Sun, obtained a copy of the email. Maxwell stated in the email the breach was discovered June 6.
Presbyterian Healthcare stated it began mailing letters Friday to affected patients and health-plan members. It also established a dedicated call center at (833) 297-6405 to answer questions from those affected by the breach.
In the meantime, Presbyterian is urging people to review statements from their health plan or healthcare providers. It will offer free credit monitoring and identity protection services to patients whose Social Security numbers were included in the breach.
“Presbyterian is continuing to investigate and conduct a thorough review of each impacted Presbyterian email account and will continue to notify patients and members who have been affected,” the news release stated. “To help prevent this type of incident from happening again, Presbyterian is taking several steps and implementing additional security measures to further protect our email system. In addition, all workforce members must successfully complete annual mandatory training about the importance of and requirements related to protecting all information.”
The breach does not affect Presbyterian Medical Services, which is another healthcare provider. Presbyterian Medical operates an office in Tucumcari.
Vickie Gutierrez, administrator at Trigg Memorial Hospital, could not be immediately reached for comment.