Tri-Lakes says security breach detected; patient information may have been compromised

Batesville – An internal investigation at Tri-Lakes Medical Center determined on November 15, 2013  that patient information may have been accessed by malicious software (“malware”) according to a news release from Tri-Lakes Monday.

The release states that the “Patient information on certain computers in its information system may have been accessed. . .”

Malware is software used to disrupt computer operations, gather sensitive information or gain access to private computer systems. 

Tri-Lakes began the internal investigation immediately when information technology professionals were alerted to suspicious network activity.  The investigation revealed that the information technology system suffered a cyber-attack from unknown persons and that the security of certain computers in the network had been compromised, according to the news release. 

The incident has been reported to the United States Department of Health & Human Services and Tri-Lakes has taken steps to mitigate the malware attack and to enhance information security protocols, the release continued.

The compromise enabled access to information of approximately 1,489 patients at Tri-Lakes Medical Center and it is not known whether any personal information was actually accessed by unauthorized persons, but in an abundance of caution, Tri-Lakes is informing those patients of the incident to assist them in protecting their identity.  The potentially affected patients will receive direct mail correspondence from Tri-Lakes, according to the news release. 

The release also stated that information about patients that may have been accessed may have included: name, medical record number, other demographics (such as address), dates of service, social security number or insurance account number, date of birth, the service the patient received, and treatment information.  The news release also states that currently, Tri-Lakes has no reason to believe this information has been accessed by an unauthorized person or misused in a way that would cause harm to the affected patients. 

However, the release continues, as a precautionary measure, Tri-Lakes has established a dedicated information line to provide personal consultation regarding how to receive one year of free credit monitoring and identity theft protection.

The release further states, “Tri-Lakes understands the critical importance of personal information privacy, and sincerely apologizes that this security breach occurred.  Anyone with questions about this incident may contact (866) 252-9553 for more information.”