Notice of Data Security Incident

Palmetto Health is notifying individuals of an email phishing incident that resulted in unauthorized access to individual email boxes.
The incident was limited to certain employee email accounts, and did not affect our medical record systems. We believe the purpose of the unauthorized access was to gain access to payroll information.

Upon discovery, we blocked the unauthorized access and then engaged outside technical experts to investigate the incident thoroughly to evaluate the full nature and scope of the access. These experts determined that unauthorized access may have first occurred this past November. They also searched to determine whether sensitive data was located within any of the potentially accessed emails. These same emails were also hand reviewed to obtain names and mailing addresses for use in notification.

After completing this extensive review process, on February 19, 2019, we were alerted to the names of the individuals whose information was within the accounts – which contained some patient names and other patient information typically used by a health care provider in the course of providing treatment or consultation. A lesser portion of the emails contained social security numbers and medical insurance information.

Phishing involves a scammer sending an email that looks perfectly legitimate, but in reality, the email has a malicious link or document within it that, when accessed, allows the scammer to gain the recipient’s email account/passwords – often without the knowledge of the email account owner.

Palmetto Health values the safety and security of patient and employee information and is continuing to take steps to enhance its security measures to help prevent something like this from happening in the future.  We have attempted to notify by letter those patients for whom we had mailing addresses. While we have no evidence that any patient information contained in the affected email accounts has been used inappropriately, we are offering complimentary identity theft protection services to those whose financial data could have been accessed.

We recommend affected persons remain vigilant and monitor account statements and credit reports carefully and report discrepancies to law enforcement. Fraud alerts and security freezes also can be activated to help protect individuals.

Palmetto Health has set up a toll-free hotline to address any questions or concerns. If you are concerned your information was included in this incident, please call 877-239-1279, Monday through Friday, from 9 a.m. to 9 p.m. EST, excluding holidays. The call center will be open until June 28, 2019.


Project READY

Helping adolescents see the consequences of risk-taking

Tips for a back-to-school sleep routine

August 16, 2019