March 28, 2014
Notice to our Patients Regarding “Phishing” Scam
Franciscan Medical Group (FMG) is committed to protecting the security and confidentiality of our patients’ personal information. Regrettably, this notice is about an incident involving some of that information.
On January 27, 2014, we learned that “phishing” emails were sent to a small group of FMG employees who responded to the emails thinking they were legitimate requests from our parent company Catholic Health Initiatives. When we learned of this, we immediately secured the affected email accounts and began an investigation, including hiring an outside expert forensics firm. We undertook a comprehensive review of the affected employees’ e-mail accounts and confirmed that the emails contained patient information and may have included patient demographic information (for example, name, address, date of birth, telephone number), clinical information (for example, treating physician and/or department, diagnosis, treatment received, medical record number, medical service code, health insurance information), and in a small number of instances Social Security numbers.
We have no evidence that the information in the emails has been used in any way, however, as a precaution, we began sending letters to affected patients on March 28, 2014 and have established a dedicated call center to answer any questions our patients have. If you believe you are affected but do not receive a letter by April 16, 2014, please call 1-877-283-6556, Monday through Friday between 6:00 a.m. and 6:00 p.m. Pacific Time.
We regret any inconvenience this may have caused our patients. To help prevent something like this from happening in the future, we have re-enforced education with our staff regarding “phishing” emails and are reviewing enhancements for strengthening user login authentication.