Twin Lakes Regional Medical Center (TLRMC) announced on Monday morning, July 27 that the hospital had been notified of a national data security breach that may have affected the security of protected health information relating to individuals who registered on a patient portal/personal health record used by the Commonwealth of Kentucky and TLRMC.
According to a news release from the local hospital, TLRMC participated in the Kentucky Health Information Exchange (KHIE), an electronic network that supports health information exchange among healthcare providers and organizations throughout the Commonwealth.
The KHIE contracted with Xerox Corporation to use its NoMoreClipboard patient portal product. NoMoreClipboard is a national company that was the target of a sophisticated cyber attack in May which has compromised the security of some protected health information.
The affected data may include patient name, home address, e-mail address, date of birth, and Social Security number. No financial or credit card information was compromised, as this information is not collected or stored, the release states.
To be included in the breach, patients must have registered for the MyHealthNow patient portal through NoMoreClipboard during a visit to TLRMC during the time periods of Dec. 1, 2014 to March 12, 2015 or March 23, 2015 to April 8, 2015.
“Additionally, and this is very important to note, affected patients must then have taken the additional step of going on the NoMoreClipboard website, registered, and uploaded their personal information,” said TLRMC Director of Planning and Marketing Bill Oldham in the release.
However, not every patient who registered at TLRMC during the time periods listed is affected by the situation.
“At this time it is not possible for TLRMC to determine the number of people this affects,” Oldham said. “However, it is believed the number should be kept to a minimum since the system was only recently put into place.”
If a patient took the aforementioned steps to register at NoMoreClipboard, and his or her information may have been compromised, he or she will be contacted by NoMoreClipboard, not TLRMC. The information will include what to do and contact information for questions.
The public is asked not to contact TLRMC because “the breach did not involve any information stored by Twin Lakes Regional Medical Center or by any local doctor’s office,” the release states.
“Twin Lakes Regional Medical Center is committed to protecting patients’ information and to being as transparent as possible to the community we serve,” said Oldham. “We will keep the public informed of any new developments in this situation as they happen.”
Internal and law enforcement investigations into this incident are ongoing.
The investigation indicates the unauthorized access to the network occurred on May 7, 2015 through May 8, 2015. The attackers regained unauthorized accessed to the network again on May 25, 2015.
To better assist those who may potentially have been affected, a confidential, toll-free hotline has been established to answer questions. This hotline is available Monday through Friday, from 8 a.m. to 8 p.m. (CST) and can be reached at 866-328-1987.
As the investigations continue, and out of an abundance of caution, NoMoreClipboard is also offering credit monitoring and identity protection services to affected individuals, free of charge, for the next 24 months. Participants can call the toll-free call center with questions relating to this data security event, and the support and services being provided.
To learn more, visit www.nomoreclipboard.com/notice.
Reach Matt Lasley at 270-259-9622, ext. 2015.