For the second time in less than two months, Spectrum Health Lakeland is having to deal with a vendor-related data breach, and is working to notify more than a thousand patients who might have been impacted by the incident.
Spectrum Health Lakeland reports this morning that they are in the process of notifying approximately 1,100 patients about a data security issue involving a vendor. OS, Inc., a billing services company, confirmed that an unauthorized individual accessed an email account of one of their employees. The OS, Inc. email account contained information related to certain Spectrum Health Lakeland patients.
OS, Inc. engaged a third-party security expert to investigate. The expert found no evidence that patient information had been misused as a result of the attack. It also could not confirm that information had not been removed so the incident has been reported to regulators as a data breach.
Spectrum Health has been working with its own technology experts since it was notified of the problem on March 8, 2019. The information in question includes patient name and address, type of health service(s) provided, date(s) of those services, diagnosis and health insurance provider. Information that was not involved includes Social Security numbers, driver’s license numbers and financial information.
Spectrum Health has arranged for free identity theft protection and resolution services through Experian IdentityWorks for affected patients for 12 months and is recommending they regularly review account statements and periodically obtain a credit report. Patients will receive a letter in the next two to five days if their information was possibly affected which will include more information on how to register for Experian IdentityWorks.
Spectrum Health regrets any concern this incident may cause the affected patients and their families, and is working closely with OS, Inc. to prevent this from happening again.
For questions regarding this issue, the public may call Spectrum Health Lakeland at 877-890-2045 or visit www.lakelandhealth.org/datasecurity for more information.
The hospital system faced a similar data breach last winter that was revealed in mid-March. That incident involved Wolverine Services Group, a mailing company, and involved more than 60,000 patients impacted. Here’s the link to that story reported here on Moody on the Market: