GREENVILLE, SC (FOX Carolina) - St. Francis patients will need to keep an eye on their identities after parent company Bon Secours discovered a data breach that may affect some patients' sensitive information.
In an incident notice published on the Bon Secours website, the health system says St. Francis Physician Services had previously employed physicians at Milestone Family Medicine, and learned on January 4 that an unauthorized person gained access to some systems at the clinic. SFPS says the breach was discovered on January 4, 2019, and they immediately took steps to secure patient data and investigate.
SFPS says they determined on server that was breached contained some patient information, including names, dates of birth, addresses, health insurance company, Social Security Number, and information related to care received at Milestone Family Medicine.
While SFPS says they don't believe the information was misused, that are still mailing notification letters to affected patients and providing complimentary credit monitoring and identity theft protection services to anyone whose Social Security Number was on the affected system. SFPS recommends patients review statements from their health care providers closely, and should contact providers if there are charges for services they did not receive.
Anyone with questions should call 1-977-239-1255 Monday through Friday, from 9 a.m. to 9 p.m. Eastern Standard Time.
The full statement follows below:
St. Francis Physician Services previously employed the physicians at Milestone Family Medicine. St. Francis Physician Services is fully committed to maintaining the privacy and security of its patients’ information. Regrettably this notice regards an incident that may have involved some of that information.
On January 4, 2019, we learned that an unauthorized individual gained access to some systems at Milestone Family Medicine. We immediately took steps to secure the systems and began an investigation. We retained a third party forensic firm to assist us in that investigation. We determined that some patients’ information was contained on one of the servers and may have included patients’ names, dates of birth, addresses, health insurance company, social security number and information related to care received at Milestone Family Medicine.
We have no indication that any patient information has been misused in any way. We are mailing notification letters to affected patients and providing complimentary credit monitoring and identity protection services to those patients whose social security number was on the affected system. We recommend affected patients review the statements they receive from their health care providers. If there are charges for services they did not receive, they should contact the provider.
We deeply regret any concern this may cause. To help prevent something like this from happening in the future, we are enhancing technology management and information security risk oversight. If any patients have questions, please call 1-877-239-1255, Monday through Friday, 9 a.m. to 9 p.m. Eastern Time.