Friday, June 4, 2021
Notice of Data Security Incident
San Juan Regional Medical Center (“SJRMC”) identified unauthorized access to their network on September 8, 2020. Upon learning of the issue, SJRMC immediately took steps to secure the network and mitigate against any additional harm. After an extensive forensic investigation we determined that as part of this incident, an unauthorized individual removed information from our network September 7-8, 2020. Following a thorough manual document review of the files that were removed, we discovered on April 6, 2021 that the impacted files contained the personal and protected health information of certain patients.
The impacted information includes names, dates of birth, Social Security numbers, driver’s license numbers, passport information, financial account numbers, health insurance information, and medical information (diagnosis, treatment, medical record number, patient account number). This incident does not impact all SJRMC patients and not all information was impacted for all individuals. SJRMC is now notifying individuals so that they can take steps to protect their information.
We have no evidence that any of information has been misused. Nevertheless, in addition to providing this website notice, SJRMC is sending notification to all affected patients for whom we have enough information to determine a physical address. We have also set up a dedicated call center. SJRMC is offering complimentary credit monitoring services to those individuals whose Social Security numbers were contained in the files that were removed. Notified individuals can also take additional precautionary measures, including placing fraud alerts and/or security freezes on credit files, and obtaining a free credit report. Additionally, individuals should always remain vigilant in reviewing financial account statements and credit reports for fraudulent or irregular activity on a regular basis. Notified patients should monitor insurance statements for any unauthorized transactions.
SJRMC takes this incident and security of personal information very seriously. Cybersecurity threats continue to evolve and as a result, SJRMC has taken additional steps to secure its network and improve internal procedures to identify and remediate future threats. SJRMC continues to assess and update its internal policies and procedures in order to minimize the risk of a similar incident in the future.
For further questions or additional information regarding this incident, or to determine if you may be impacted by this incident, please contact the dedicated toll-free response at 855-535-1836, Monday through Friday, 7:00 am to 7:00 pm Mountain Time.