Conway Regional Health System Notifies Patients of Data Security Incident
Conway Regional Health System has become aware of a data security incident that may have resulted in the inadvertent exposure of patients’ personal and health information. Although at this time there is no evidence that patient information was actually accessed or viewed, or any indication of anyone’s information being misused, we have taken steps to notify anyone who may have been affected by this incident, including sending letters to potentially impacted patients.
On June 26, 2019, we discovered that some employees’ email accounts had been accessed by an unknown, unauthorized third party as the result of an email phishing attack. We immediately contacted our IT department and computer experts to secure the accounts and determine whether sensitive information could have been at risk. The investigation determined that an unknown, unauthorized third party could have viewed or accessed documents in the accounts that contained patients’ names, addresses, Social Security numbers, health insurance information and limited medical information.
While there is no indication that an unauthorized party accessed or viewed patient information or evidence of patient information being misused, we remain committed to protecting patients’ information and have taken steps to prevent a similar event from occurring in the future. Notification letters sent to potentially affected patients on August 23, 2019 include additional information about what occurred and a toll-free number where patients can learn more about the incident. The call center is available Monday through Friday between 8 AM to 8 PM Central at (855) 964-0517.
The privacy and security of patient information is a top priority for Conway Regional Health System, and we deeply regret any inconvenience or concern this incident may cause.