Nearly four months after Presbyterian Healthcare Services reported a data breach that allowed unauthorized access to personal information belonging to over 180,000 patients and health plan members, the provider sent out a notification letter telling its members the company does not believe anyone has improperly used that data.
Dale Maxwell, president and chief executive officer of Presbyterian Healthcare Services, said in an email Tuesday that “while the investigation is ongoing, we want to stress that we have no evidence indicating that any patient or member data has been used in any way and there was no access to our electronic health record or billing systems.”
Presbyterian Healthcare Services spokeswoman Amanda Schoenberg said the investigation revealed more people may have been affected by the illegal action. So the provider sent about 276,000 letters, dated Nov. 25, to its patients about the issue.
Though one Santa Fe woman contacted The New Mexican with concerns that she had received a scam robocall from an 866 number requesting personal information, Schoenberg said “that was a Presbyterian Health Plan number related to medication adherence.”
In August, the health care provider said the May data breach allowed access to names, dates of birth, Social Security numbers and other types of information after a Presbyterian employee responded to a phishing scam designed to retrieve that information.
In the November follow-up letter, Presbyterian said “certain affected email accounts included data containing your name and might have contained your date of birth, clinical and-or health insurance information.”
Maxwell said Tuesday that Presbyterian takes “the responsibility of protecting the privacy of our patients and members very seriously. We deeply regret that this event occurred and are committed to taking steps to help prevent this type of incident from happening again.”
He encouraged patients and members who believe they have been affected by the breach to call 833-297-6405 for assistance.
Schoenberg said there is no evidence that any of the accessed information has “been downloaded or otherwise misused.”