SALINA, Kan., April 10, 2020 /PRNewswire/ -- Saint Francis Ministries is providing notice of an incident that may affect the security of certain individuals affiliated with Saint Francis. While Saint Francis is unaware of any attempted or actual misuse of this information, notice is being provided to potentially affected individuals, as well as certain state and federal regulators.
On December 19, 2019, Saint Francis became aware of suspicious activity relating to one of its employee's email accounts. Saint Francis took steps to secure the email account and began working with outside computer forensics specialists to determine the nature and scope of the activity. On February 12, 2020, the investigation determined that an unknown actor accessed the email account between December 13, 2019, and December 20, 2019. Unfortunately, the investigation was not able to determine if any email or attachment was actually accessed or viewed. Saint Francis was only able to confirm that the email account was subject to unauthorized access.
With the assistance of third-party specialists, a comprehensive review of the contents of the impacted email account was performed to identify the personal information in the email account. On March 24, 2020, Saint Francis determined that information for certain individuals was located in the email account when it was subject to unauthorized access and may have been accessible to the unauthorized actor.
The investigation determined the impacted email accounts contained the following types of information for certain individuals at the time they were subject to unauthorized access: Social Security Number, Date of Birth, Driver's License or State ID, Bank or Financial Account Number, Credit or Debit Card Number, Treatment or Diagnosis Information, Prescription Information, Provider Name, Medical Record Number or Patient ID, Medicare or Medicaid Number, Health Insurance Information, Treatment Cost Information, and Username and Password. At this time, Saint Francis is unaware of any actual or attempted misuse of any personal or protected health information relating to this incident.
On April 17, 2020, Saint Francis will begin mailing notice letters to affected individuals for whom it has address information. The notice encourages potentially impacted individuals to remain vigilant against incidents of identity theft and fraud, to review account statements credit reports, and explanation of benefits forms for suspicious activity and report any suspicious activity immediately to their insurance company, health care provider, or financial institution. Information on obtaining a free credit report annually from each of the three major credit reporting bureaus can be obtained by visiting www.annualcreditreport.com, calling 877-322-8228, or contacting the three major credit bureaus directly at: Equifax, P.O. Box 105069, Atlanta, GA, 30348, 1-800-685-1111, www.equifax.com; Experian, P.O. Box 2002, Allen, TX 75013, 888-397-3742, www.experian.com; TransUnion, P.O. Box 2000, Chester, PA 19016, 800-680-7289, www.transunion.com. Potentially impacted individuals may also find information regarding identity theft, fraud alerts, security freezes and the steps they may take to protect their information by contacting the credit bureaus, the Federal Trade Commission or their state Attorney General. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. Instances of known or suspected identity theft should also be reported to law enforcement or the individual's state Attorney General.
Saint Francis takes information privacy and security matters extremely seriously and will remain vigilant in its efforts to safeguard and protect sensitive information, while taking any additional steps that may be necessary to mitigate and remediate this incident. Additional information about the data event is available at saintfrancisministries.org.
SOURCE Saint Francis Ministries