FREEPORT, ILLINOIS — FHN announced Friday July 31 that it is mailing letters to patients whose information may have been involved in a recent incident involving unauthorized access to a limited number of FHN employee email accounts.
On April 30, 2020, FHN’s ongoing investigation into an email compromise incident determined that a limited number of FHN employees’ email accounts may have been accessed by an unauthorized person. At that time, it was not known specifically what information may have been contained in the accounts. After identifying suspicious activity within the employees’ email accounts, FHN immediately took steps to secure the accounts and a leading computer forensic firm was engaged to assist with the investigation. The investigation determined that an unauthorized person accessed the accounts between February 12, 2020 and February 13, 2020. The investigation was unable to determine whether the unauthorized person actually viewed any emails or attachments in the accounts. Out of an abundance of caution, FHN reviewed emails and attachments contained in the email accounts to identify patient information that may have been accessible to the unauthorized person. As a result of that review, FHN identified emails and/or attachments in the accounts containing patient information, which may have included some patients’ names, dates of birth, medical record or patient account numbers, and limited treatment and/or clinical information, such as provider names, diagnoses, and medication information. In some instances, patients’ health insurance information and/or Social Security numbers have also been identified in the accounts.
This incident did not affect all FHN patients, but only those patients whose information was contained in the affected email accounts.
FHN has no indication that individuals’ information was actually viewed by the unauthorized individual, or that it has been misused. However, as a precaution, FHN began mailing notification letters to those whose information was found in the affected accounts. FHN has also established a dedicated, toll-free call center to answer questions individuals may have about the incident. Patients with questions can call 1-888-800-3306, Monday through Friday, from 8:00 a.m. to 5:00 p.m. Central Time. For patients whose Social Security numbers and/or drivers’ license numbers were identified in the email accounts, FHN is offering complimentary credit monitoring and identity protection services. FHN recommends that affected patients review statements they receive from their health insurers and healthcare providers. If they see charges for services not received, they should contact the insurer or provider immediately.
FHN regrets any concern or inconvenience this incident may cause. FHN remains committed to protecting the confidentiality and security of patient information. To help prevent something like this from happening in the future, FHN has reinforced education with its staff regarding how to identify and avoid suspicious emails and is making additional security enhancements to its email environment, including enabling multi-factor authentication.
Additional information is posted on FHN’s website at www.fhn.org/data-indicdent.asp.
FHN, a not-for-profit organization with nearly 1,200 employees, is an award-winning regional healthcare system committed to the health and well-being of the people of northwest Illinois and southern Wisconsin. FHN Memorial Hospital has been recognized as one of the state’s top hospitals for safety by the Leapfrog group and Healthgrades as well as by the world’s largest, completely independent, non-profit product- and service-testing organization. FHN caregivers serve an average of 1,500 people each day across FHN’s 19 locations in 5 counties spanning northwest Illinois. Organized in 1995 as an integrated healthcare delivery system, FHN is comprised of FHN Memorial Hospital, the Leonard C. Ferguson Cancer Center at FHN Memorial Hospital, 13 family healthcare centers offering primary and specialty medical care, hospice, and outpatient mental health services. For more information about FHN, please visit www.fhn.org.