Malware Incident FAQ

(1)            What happened?

 

On September 8, 2020, San Juan Regional Medical Center identified unauthorized access to the SAN JUAN REGIONAL MEDICAL CENTER network. Upon learning of the issue, SAN JUAN REGIONAL MEDICAL CENTER immediately took steps to secure the network and mitigate against any additional harm. SAN JUAN REGIONAL MEDICAL CENTER launched an investigation in consultation with outside cybersecurity professionals who regularly investigate and analyze these types of situations to determine whether any sensitive data had been compromised as a result. After an extensive forensic investigation we determined that as part of this incident, an unauthorized individual removed information from our network September 7-8, 2020. Following a thorough manual document review of the files that were removed, we discovered on July 13, 2021 that the impacted files contained some of your personal information.   

 

(2)            How did this happen?

 

SAN JUAN REGIONAL MEDICAL CENTER identified unauthorized access to the SAN JUAN REGIONAL MEDICAL CENTER network, immediately took steps to secure the network and mitigate against any additional harm, and launched an investigation in consultation with outside cybersecurity professionals. After an extensive forensic investigation, SAN JUAN REGIONAL MEDICAL CENTER determined that data was removed from the environment.

 

(3)            Did SAN JUAN REGIONAL MEDICAL CENTER pay a ransom?

 

No, SAN JUAN REGIONAL MEDICAL CENTER did not pay any ransom. SAN JUAN REGIONAL MEDICAL CENTER was not the victim of a ransomware attack. Files and data on the SAN JUAN REGIONAL MEDICAL CENTER system were not encrypted or held hostage in an extortion attempt. Systems impacted by the malware were taken offline as a precautionary measure. Steps were taken to secure the network and mitigate against additional harm, and then the systems were brought back online.

 

(4)            Why did I receive a notification from SAN JUAN REGIONAL MEDICAL CENTER?

 

SAN JUAN REGIONAL MEDICAL CENTER sent you this notification letter out of an abundance of caution. The letter’s purpose is to share the steps SAN JUAN REGIONAL MEDICAL CENTER has undertaken since discovering the incident, and provide you guidance on what you can do to protect yourself. If your Social Security number was contained on one of the impacted files, the letter also offers a membership in Equifax Credit Watch Gold.

 

(5)            I received a notification from SAN JUAN REGIONAL MEDICAL CENTER about a security incident. Does this mean someone has misused or will misuse my information?

 

Not necessarily. To date, SAN JUAN REGIONAL MEDICAL CENTER has no evidence that any of the personal information has been misused. SAN JUAN REGIONAL MEDICAL CENTER sent you the notification letter because it is being abundantly cautious. The purpose of the letter is to make you aware of the incident at SAN JUAN REGIONAL MEDICAL CENTER and provide you with guidance on what you can do to further protect yourself.

(6)            I already received a letter about this incident. Why am I receiving another letter?

 

SAN JUAN REGIONAL MEDICAL CENTER conducted an extensive forensic investigation and manual document review relating to this matter. The manual document review of the impacted files was extensive and required significant time to complete. The data that was impacted by this incident came from several different sources, and some of those sources contained data that was difficult to read and/or merged with unrelated data. As a result, SJRMC provided two rounds of notification – one in June and one in September. If you have received similar or duplicate letters, that could be for one or more of the following reasons:

 

·         The letter previously sent to you did not identify that your Social Security number was impacted. As the manual document review continued, SAN JUAN REGIONAL MEDICAL CENTER identified additional documents, and one or more of those documents included your SSN. Because that information was new, SAN JUAN REGIONAL MEDICAL CENTER provided you with a follow-up notice and information about enrolling in credit monitoring services.

 

·         The letter (or letters) you are now receiving are duplicates of the letter you previously received. We meticulously examined the data and made every attempt to remove all duplicate entries before letters were mailed. Not all duplicate letters were caught. We apologize for any inconvenience and/or confusion.

 

(7)            Who is affected by this incident?

 

Certain individuals who are primarily SAN JUAN REGIONAL MEDICAL CENTER patients or guarantors may have been affected by this incident.

 

(8)            How many SAN JUAN REGIONAL MEDICAL CENTER patients were impacted by this incident?

 

SAN JUAN REGIONAL MEDICAL CENTER is sending notification letters, and providing website notice, to all impacted individuals so those individuals can take steps to protect their information. If you did not receive a notice letter and you think you may be impacted, please provide your full name and date of birth and I will confirm whether your information may have been compromised as a result of this incident.

 

(9)            I don’t want to receive any mail from SAN JUAN REGIONAL MEDICAL CENTER. Why did I get this?

 

We are required by law to provide notification of this incident to impacted individuals.

 

(10)        What information of mine was involved?

 

The notice letter that you received states which of your information was impacted. The information impacted varies widely from person to person and I do not have the ability to tell you anything more than what your notice letter told you.

 

(11)        Was my Social Security number involved?

 

Only if the notice letter that you received states that it was. The information impacted is different for each person.

 

(12)        Was my driver’s license number involved?

 

Only if the notice letter that you received states that it was. The information impacted is different for each person.

 

(13)        Was my credit/debit card information involved?

 

Only if the notice letter that you received states that it was. The information impacted is different for each person.

 

(14)        Was my financial account number involved?

 

Only if the notice letter that you received states that it was. The information impacted is different for each person.

 

(15)        Was my medical information involved?

 

Only if the notice letter that you received states that it was. The information impacted is different for each person.

 

(16)        Was my username/password involved?

 

Only if the notice letter that you received states that it was. The information impacted is different for each person.

 

(17)        What has the unauthorized person done with my information? As a result of this incident, will I become a victim of identity theft? Does SAN JUAN REGIONAL MEDICAL CENTER have any reports of actual misuse of the information as a result of this incident? Has SAN JUAN REGIONAL MEDICAL CENTER seen any indications that information was stolen?

Not necessarily. To date, SAN JUAN REGIONAL MEDICAL CENTER has no evidence that any of the personal information in the affected files has been misused in any way. SAN JUAN REGIONAL MEDICAL CENTER sent you the notification letter because it is being abundantly cautious. The purpose of the letter is to make you aware of the incident at SAN JUAN REGIONAL MEDICAL CENTER and provide you with guidance on what you can do to further protect yourself.

 

(18)     Why am I receiving a letter for my deceased relative (spouse, child, next of kin)? I don’t want to receive any letters for my deceased relative.

 

We are required by law to provide the estate of impacted decedents with information about the incident.

 

(19)        Why was there a delay in notification of this incident?

 

There has been no delay in notification. Upon learning of the issue, SAN JUAN REGIONAL MEDICAL CENTER immediately took steps to secure the network and mitigate against any additional harm, and launched an investigation in consultation with outside cybersecurity professionals. These investigations take time, even with the assistance of experienced cybersecurity professionals like those retained by SAN JUAN REGIONAL MEDICAL CENTER. After an extensive forensic investigation, SAN JUAN REGIONAL MEDICAL CENTER determined that as part of this incident, an unauthorized individual removed information from the SAN JUAN REGIONAL MEDICAL CENTER network September 7-8, 2020. Following a thorough manual document review of the files that were removed, SAN JUAN REGIONAL MEDICAL CENTER discovered on July 13, 2021 that the impacted files contained some of your personal information. SAN JUAN REGIONAL MEDICAL CENTER worked to notify impacted individuals as quickly as possible.

 

(20)        My name is not correct. My name is misspelled and/or the middle name on the letter is not accurate. Why is this information incorrect? Do I need to do anything about it?

 

The data that was impacted by this incident came from several different sources, and some of those sources contained data that was difficult to read and/or merged with unrelated data. We meticulously examined the data and made every attempt to correct inaccurate information before letters were mailed. Not all incorrect data was caught. We apologize for any inconvenience and/or confusion.

 

The official records that SAN JUAN REGIONAL MEDICAL CENTER has related to you as a patient do not need to be updated or corrected. There is no action that you need to take.

 

(21)        Should I close my credit/debit card account?

 

If your notice letter states that your credit or debit card was impacted, we recommend that you contact the issuing institution to inquire about steps to take to protect your account, including whether you should close your account or obtain a new account number. Additionally, it is a good idea to remain vigilant in reviewing your financial account statements and credit reports for fraudulent or irregular activity on a regular basis.

 

(22)        Should I close my financial/bank account?

 

If your notice letter states that your bank or financial account number was impacted, we recommend that you contact your financial institution to inquire about steps to take to protect your account, including whether you should close your account or obtain a new account number. Additionally, it is a good idea to remain vigilant in reviewing your financial account statements and credit reports for fraudulent or irregular activity on a regular basis.

 

(23)        What is SAN JUAN REGIONAL MEDICAL CENTER doing in light of this incident?

 

Upon learning of the issue, SAN JUAN REGIONAL MEDICAL CENTER immediately took steps to secure the network and mitigate against any additional harm, and launched an investigation in consultation with outside cybersecurity professionals. SAN JUAN REGIONAL MEDICAL CENTER has notified impacted individuals of this incident.

 

SAN JUAN REGIONAL MEDICAL CENTER is committed to maintaining the privacy of personal information in its possession and has taken many precautions to safeguard it. It is continually evaluating and modifying cybersecurity practices, and enhancing internal controls and reviews to adapt to the evolving cybersecurity landscape.

 

(24)        How do I know if my information was involved in this incident?

 

SAN JUAN REGIONAL MEDICAL CENTER has notified those potentially affected via U.S. Mail. If you did not receive a notice letter and you think you may be impacted, please provide your full name and date of birth and I will confirm whether your information may have been compromised as a result of this incident.

 

(25)        What can I do to protect myself?

 

SAN JUAN REGIONAL MEDICAL CENTER suggests you consider taking the following steps:

 

·         Enroll in the credit monitoring services offered at no cost to you, if you are eligible. If your Social Security number was exposed, you are eligible and you received enrollment instructions and an activation code in your letter.

·         You should always remain vigilant in reviewing your financial account statements for fraudulent or irregular activity on a regular basis.

·         If your notice letter states that your financial account number or payment card data was impacted, SAN JUAN REGIONAL MEDICAL CENTER recommends that you contact your financial institution to inquire about steps to take to protect your account, including whether you should close your account or obtain a new account number.

·         You may consider placing a fraud alert and/or security freeze on your credit file.

·         You may order a free credit report.

·         If your notice letter states that your medical information was impacted, SAN JUAN REGIONAL MEDICAL CENTER recommends that you follow the steps provided in your notice letter to safeguard yourself against medical identity theft.

 

(26)        Why did I not receive a notice about this incident?

 

SAN JUAN REGIONAL MEDICAL CENTER provided notice via U.S. Mail to all those potentially impacted to the extent it had a last known home address. If you did not receive a notice letter but you think you may be impacted, please provide your full name and date of birth and I will confirm whether your information may have been compromised as a result of this incident.

 

(27)        Are you offering credit monitoring services?

SAN JUAN REGIONAL MEDICAL CENTER is offering credit monitoring services to individuals whose Social Security numbers were impacted.

(28)        How do I enroll in Equifax® Credit Watch™ Gold?

To sign up online for online delivery go to www.myservices.equifax.com/gold

1.     Welcome Page: Enter the Activation Code provided at the top of this page in the “Activation Code” box and click the “Submit” button.

2.     Register: Complete the form with your contact information (name, gender, home address, date of birth, Social Security Number and telephone number) and click the “Continue” button.

3.     Create Account:  Complete the form with your email address, create a User Name and Password, check the box to accept the Terms of Use and click the “Continue” button.

4.     Verify ID: The system will then ask you up to four security questions to verify your identity.  Please answer the questions and click the “Submit Order” button.

5.     Order Confirmation: This page shows you your completed enrollment.  Please click the “View My Product” button to access the product features.

 

(29)        What is included in Equifax® Credit Watch™ Gold?

Equifax® Credit Watch™ Gold provides you with the following key features:

·       3-Bureau credit file monitoring and alerts of key changes to your Equifax, TransUnion, and Experian credit reports

·       One Equifax 3-Bureau credit report

·       Automatic Fraud Alerts - With a fraud alert, potential lenders are encouraged to take extra steps to verify your ID before extending credit

·       Wireless alerts (available online only). Data charges may apply.

·       Access to your Equifax credit report

·       Up to $1 MM Identity Theft Insurance

·       Live agent Customer Service 7 days a week from 8 a.m. to 3 a.m.

 

(30)        How do I enroll in Equifax Child Identity Monitoring for my minor?

To enroll in Equifax Child Identity Monitoring go to http://myservices.equifax.com/efx1_brminor and follow the instructions below:

1.     Welcome Page: Enter the Activation Code provided at the top of this page in the “Activation Code” box and click the “Submit” button.

2.     Register: Complete the form with YOUR contact information first (name, gender, home address, date of birth, Social Security Number and telephone number) and click the “Continue” button.

3.     Create Account:  Complete the form with your email address, create a User Name and Password and, after reviewing the Terms of Use, check the box to accept the Terms of Use and click the “Continue” button.

4.     Verify ID: The system will then ask you up to four security questions to verify your identity.  Please answer the questions and click the “Submit Order” button.

5.     Order Confirmation: This page shows you your completed enrollment.  Please click the “View My Product” button to access the product features.

6.     Click the orange button “Enroll Child” to enter your child’s information (child’s name, Date of Birth and Social Security Number).  Note: if you enter the child’s SSN incorrectly, you will need to remove the minor by going to your Member Center and clicking on “My Account” to remove the minor from the account.  You may then re-enroll the minor with the correct SSN.

7.     Check the box confirming you are the child’s parent or guardian.

8.     Click “Submit” to enroll your child.

 

(31)        What is included in Equifax Child Identity Monitoring?

Equifax Child Identity Monitoring will scan the Equifax credit database for any instances of the minor’s Social Security number and look for a copy of the minor’s Equifax credit file.

·       If no SSN match is found and no Equifax credit file exists, Equifax will create an Equifax credit file in the minor’s name and immediately “lock” the Equifax credit file.  This will prevent access to the minor’s Equifax credit file in the future. If Equifax receives a request for your minor’s Equifax credit report, you will receive an email alert.

·       If there is a match and an Equifax credit file exists, Equifax will immediately “lock” the file and alert you to activity against the file, such as an attempt to open a new line of credit.

·       The minor’s Equifax credit file will be locked for 12 months from date of activation.  After that time, the minor’s Equifax credit file will be deleted from our credit database if it contains no credit data.

 

(32)        Is there an alternative to enrolling online for Equifax® Credit Watch™ Gold or Equifax Child Identity Monitoring?

Yes. To sign up for US Mail delivery, dial 1-866-937-8432 for access to the Equifax Credit Watch automated enrollment process.  Note that all credit reports and alerts will be sent to you via US Mail only.

1.     Activation Code: You will be asked to enter your enrollment code as provided at the top of this letter.

2.     Customer Information: You will be asked to enter your home telephone number, home address, name, date of birth and Social Security Number. 

3.     Permissible Purpose: You will be asked to provide Equifax with your permission to access your Equifax credit file and to monitor your file.  Without your agreement, Equifax cannot process your enrollment.

4.     Order Confirmation: Equifax will provide a confirmation number with an explanation that you will receive your Fulfillment Kit via the US Mail (when Equifax is able to verify your identity) or a Customer Care letter with further instructions (if your identity cannot be verified using the information provided).  Please allow up to 10 business days to receive this information.

If you have additional questions about the credit monitoring or need an alternative to enrolling online, please call.

(33)        Can you just register me in the credit monitoring product?

Unfortunately, we cannot register for you.  You must enroll yourself online (or over the phone) using the Activation Code in your notice letter if you received one.

(34)        What if I received an Activation Code in my notification letter to enroll in the credit monitoring product, but my activation was rejected?

We apologize for the inconvenience. We can provide your name and telephone number to Equifax and they will have a representative contact you.

(35)        I’m having trouble enrolling in the credit monitoring product. Can you help?

We apologize for the inconvenience. We can provide your name and telephone number to Equifax and they will have a representative contact you.

(36)        How long do I have to enroll in the credit monitoring product?

You can sign up for this service anytime between now and September 30, 2021 using the Activation Code listed in your notification letter.

(37)        Why are you not offering me credit monitoring?

 

Credit monitoring services can help to prevent the misuse of an individual’s Social Security number. SAN JUAN REGIONAL MEDICAL CENTER is offering credit monitoring services only to those individuals whose SSNs were impacted.

 

(38)        What is a fraud alert?

 

A fraud alert tells creditors to contact you personally before they open any new accounts.

 

(39)        How do I place a fraud alert on my account?

 

In order to place a fraud alert, you will need to call any one of the three major credit bureaus (as soon as one credit bureau confirms your fraud alert, they will notify the others to place fraud alerts). Alternatively, you may file the Fraud Alert online. Here is a link to the Experian fraud alert home page: https://www.experian.com/fraud/center.html

 

Equifax              Experian             TransUnion
P.O. Box 105069      P.O. Box 2002        P.O. Box 2000
Atlanta, GA 30348    Allen, TX 75013      Chester, PA 19022
www.equifax.com      www.experian.com     www.transunion.com
1-800-525-6285       1-888-397-3742       1-800-680-7289

 

(40)        How long does a fraud alert last?

 

An initial fraud alert lasts 1 year and is free; you may elect to then renew the fraud alert for an additional year for a fee.

 

(41)        Will a fraud alert stop me from using my credit cards?

 

No. A fraud alert will not stop you from using your credit cards or other accounts.

 

(42)        Can I still apply for a credit card after I place a fraud alert on my credit report?

 

Yes, but the verification process may be more cumbersome. Potential creditors will receive a message alerting them to the possibility of fraud and that creditors should re-verify the identity of a person applying for credit.

 

(43)        How do I place a security freeze on my credit files and how much does it cost?

 

If you are very concerned about becoming a victim of fraud or identity theft, you may request a “security freeze” be placed on your credit file, at no cost to you. A security freeze prohibits, with certain specific exceptions, the consumer reporting agencies from releasing your credit report or any information from it without your express authorization. You may place a security freeze on your credit report by sending a request in writing, by mail, to all three nationwide credit reporting companies. To find out more on how to place a security freeze, you can use the following contact information:

 

Equifax Security Freeze           Experian Security Freeze      TransUnion Security Freeze
PO Box 105788                     PO Box 9554                   P.O. Box 2000
Atlanta, GA 30348                 Allen, TX 75013               Chester, PA 19022
https://www.freeze.equifax.com    http://experian.com/freeze    www.transunion.com/securityfreeze
1-800-685-1111                    1-888-397-3742                1-800-680-7289

 

In order to place the security freeze, you’ll need to supply your name, address, date of birth, Social Security number and other personal information. After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.

 

If your personal information has been used to file a false tax return, to open an account or to attempt to open an account in your name or to commit fraud or other crimes against you, you may file a police report in the city in which you currently reside.

 

If you do place a security freeze prior to enrolling in the credit monitoring service, you will need to remove the freeze in order to sign up for the credit monitoring. After you sign up for the credit monitoring service, you may refreeze your credit file.

  

(44)        What should I do if I find suspicious activity on my credit reports or have reason to believe my information is being misused?

 

Promptly call your local law enforcement agency and file a police report. Get a copy of the police report, as many creditors will want the information it contains to absolve you of fraudulent debts. You may also file a complaint with the FTC at www.ftc.gov/idtheft or reach the FTC at 1-877-IDTHEFT (1-877-438-4338) or 600 Pennsylvania Avenue, NW, Washington, DC 20580. Your complaint will be added to the FTC’s Identity Theft Data Clearinghouse, where it will be accessible to law enforcers for their investigations.

 

(45)        When I called to place a fraud alert, they asked for my Social Security number. Is this ok?

 

Yes. The credit bureaus will indeed ask for your Social Security number and other personal information to verify your identity and avoid sending any credit report or correspondence to the wrong individual. However, SAN JUAN REGIONAL MEDICAL CENTER cautions against you providing any information to any entity or person contacting you directly asking for your personal information.

 

(46)        How do I obtain a free credit report?

 

Under federal law, you are entitled to one free credit report every 12 months from each of the three major nationwide credit reporting companies. Call 1-877-322-8228 or request your free credit reports online at www.annualcreditreport.com. Once you receive your credit reports, review them for discrepancies. Identify any accounts you did not open or inquiries from creditors that you did not authorize. Verify all information is correct. If you have questions or notice incorrect information, contact the credit reporting company.

 

(47)        I have experienced fraud on my payment card. What do I do?

 

If you see a fraudulent charge on your payment card, you should immediately contact the bank, credit union or other financial institution that issued your card. The phone number to call can be found on the back of the card. If reported promptly, you may not be responsible for fraudulent charges.

 

(48)        Is this letter legitimate? Is it a scam?

 

I can assure you the letter is legitimate. SAN JUAN REGIONAL MEDICAL CENTER has made you aware of the situation and provided you with guidance on how you can protect yourself.

 

(49)        How can I protect my medical information?

 

We have no information to date indicating that your medical information involved in this incident was or will be used for any unintended purposes. As a general matter, however, the following practices can help to protect you from medical identity theft.

 

·       Only share your health insurance cards with your health care providers and other family members who are covered under your insurance plan or who help you with your medical care.

 

·       Review your “explanation of benefits statement” which you receive from your health insurance company. Follow up with your insurance company or care provider for any items you do not recognize. If necessary, contact the care provider on the explanation of benefits statement and ask for copies of medical records from the date of the potential access (noted above) to current date.

 

·       Ask your insurance company for a current year-to-date report of all services paid for you as a beneficiary. Follow up with your insurance company or the care provider for any items you do not recognize.

 

 

(50)        Do I have any legal recourse?

 

SAN JUAN REGIONAL MEDICAL CENTER is not in a position to provide any legal advice related to this incident.

 

(51)        Has the unauthorized individual been identified or caught?     

 

SAN JUAN REGIONAL MEDICAL CENTER is not aware that the unauthorized individual has been identified or caught. SAN JUAN REGIONAL MEDICAL CENTER’s primary focus remains on supporting those individuals who were impacted by this incident.

(52)        Will we receive any additional information or update?

 

If a further update is warranted, SAN JUAN REGIONAL MEDICAL CENTER will provide one accordingly.

 

(53)        The individual this letter is addressed to is deceased. What should I do?

 

Please provide your name or the name of the estate, the name of the deceased person, and your contact information. We will send you/the estate a letter with additional information on the steps to take to protect the decedent’s information.

 

You can also follow the steps below:

·       Immediately contact the credit reporting agencies (CRAs) in writing and request a “deceased” alert be placed on their credit report. You should also request a copy of the credit report.

·       Contact all credit issuers, collection agencies, the CRAs and any other financial institutions that need to know of the death using the required procedures for each one.

·       Obtain at least 12 copies of the official death certificate when it becomes available. In some cases you will be able to use a photocopy, but some businesses will request an original death certificate. Since many death records are public, a business may require more than just a death certificate as proof.

 

(54)        The letter I received indicates that I am deceased, but I am not deceased. Why does SAN JUAN REGIONAL MEDICAL CENTER think I am deceased?

 

We are happy you are alive and well, and we apologize; there was a clerical error in the mailing.  We assure you that you will not encounter any issues when you come to San Juan for your next visit.

 

 

 

 


