Date: October 15, 2018
Ransom Memorial Health Notifies Patients and Employees, Offers Protection Following Phishing Attack
Ransom Memorial Health (RMH) leaders announced today that they are investigating a phishing attack that may have affected their patients and employees.
Immediately after discovering that several employee email accounts were compromised, RMH alerted law enforcement and Federal and state regulators. RMH discovered that the attack may have exposed 16,366 individuals, including 15,111 individuals in the state of Kansas. The information potentially exposed includes some combination of personal health information, social security numbers, bank account numbers, credit card numbers, driver’s license numbers, biometric data, and passport information may have also been exposed.
“The most important thing is that this issue has no impact on patient care,” said Brenda Pfizenmaier, Director of PR, Wellness, Diabetes & Nutrition. “Security is a top priority for our health care institution. Nothing leads us to believe that this information is in the hands of someone it should not be and there is no indication that any associated information is being bought or sold on the Internet. Out of an abundance of caution, we are notifying those potentially affected and offering them one year of credit monitoring at no charge.”
“While we are keenly focused on the investigation and security enhancements, everyone’s efforts right now are concentrated on our affected patients,” Pfizenmaier said. “If one patient is impacted – that’s one too many.”
For more information, contact ransom.org/ransomprotects or a special hotline RMH has created to answer questions, 877-393-1052.
About Ransom Memorial Health
Ransom Memorial Health is a 44-bed acute care and outpatient care hospital offering a range of health services to Franklin County and surrounding areas. RMH strives to have a positive impact on the lives of patients, their families, and their healthcare partners no matter what their needs may be. Key services include cardiology, obstetrics, emergency medicine, gynecology, urology, pediatrics, pulmonology, oncology, nephrology, neurology, occupational medicine, otolaryngologist, sleep medicine, wound care, express care, orthopedics, diagnostic imaging with digital mammography, general surgery, physical, occupational, speech therapy, family/internal medicine and much more.
Frequently Asked Questions
1) What happened?
We value and respect the privacy of our employees’, patients’, providers’ and partners’ information. We deeply regret that this incident occurred, and we apologize for any inconvenience or concern it may cause you. We have fixed the issue and we are further enhancing the security of our systems and training to help prevent something like this from happening again.
Ransom Memorial Health discovered on September 24, 2018 that several employee email accounts were compromised by a phishing attack. We immediately launched a full investigation, engaging one of the nation’s premier forensic firms to ensure the issue was remediated and our system secure. This issue has been fixed.
2) What information was believed to be compromised?
It is important to note that there is no evidence to suggest that any personally identifiable information or personal health information has been misused. Additionally, there is no indication that any associated information is being bought or sold on the Internet.
The information potentially exposed includes some combination of personal health information, social security numbers, bank account numbers, credit card numbers, driver’s license numbers, biometric data, and passport information may have also been exposed.
Out of an abundance of caution RMH is notifying, by mail, certain individuals and offering them one year of credit monitoring at no charge to them. If you do not receive a letter within the next 10 days, you are not at risk in this incident.
3) Am I affected?
If you suspect you are impacted, you can contact our hotline number (877-393-1052) and our operators can answer that question.
4) Is law enforcement aware?
Yes, law enforcement was notified as well as Federal and state officials.
5) What are you doing in the future to protect the security of such information? What are you doing for me?
Though a large majority of our current and past patients and employees are not impacted by this incident, we understand that fact is irrelevant to those who are impacted. We are working to protect those affected.
Though there is no evidence to suggest that any information has been misused, out of an abundance of caution RMH is notifying, by mail, those potentially affected and offering them one year of credit monitoring at no charge to them. If you do not receive a letter within the next 10 days you are not at risk in this incident.
RMH has established a dedicated call center (877-393-1052) and posted a message on our website (ransom.org/ransomprotects), to address any further questions related to the incident.
In addition to these measures, RMH is reinforcing its policies and training with additional instruction to remind employees what is expected of them.