Cheyenne Regional Medical Center revealed it’s in the process of notifying patients about a security incident that might have exposed their personal data.
On April 12, 2019, Cheyenne Regional Medical Center (CRMC) first discovered suspicious activity involving a small number of its employees’ email accounts.
The Cheyenne-based hospital responded by launching an investigation into what happened. This effort revealed that an unknown third party might have accessed certain patients’ personal information that resided in those employees’ email accounts at the time of compromise. That data might have included patients’ names, Social Security Numbers, medial information, health insurance details and payment card credentials.
Jacqueline Van Cleave, CRMC’s Compliance and Privacy Officer, explained that the hospital securely stores patient information in its electronic health records (EHR) system. She did note, however, that staff and providers can securely exchange certain information via email for the purpose of conducting consultations or fulfilling administrative duties.
In a statement, Van Cleave explained that CRMC is using its priorities of information privacy and security to better protect its patients going forward:
Because we care about our patients and our community, we are taking an abundance of caution and notifying patients their information potentially could have been viewed. We have since taken additional steps to further strengthen the security of our systems, including our email accounts. We sincerely regret any inconvenience or concern this incident has caused and are committed to working with any individuals who may have questions or concerns.
Upon receiving their notification letter from Cheyenne Regional Medical Center, patients affected by the incident will have the option of enrolling with identity and credit monitoring services at no cost to them.
In the meantime, these individuals can contact the hospital’s dedicated toll-free line at 1-844-931-1882. They might want to also preemptively take some steps to protect themselves against identity theft by reviewing their financial statements for suspicious activity and by placing a security freeze on their credit files.