Holy Cross Hospital

Home

It was recently brought to the attention of Holy Cross Hospital that the personal data of 38 patients from our Emergency Room was stolen by a former employee and allegedly sold to a third party for fraudulent purposes. The incident involved the theft of paper copies of Emergency Room patient data sheets, which included basic information including name, address, date of birth, social security number and initial diagnosis from the Emergency Room visit. These patient data sheets did not contain test results or other detailed patient medical information, and to the best of our knowledge, healthcare information was not misused by the parties involved. This was not a compromise of the computer systems that the hospital uses to protect patient information. Through cooperation with a federal investigation, Holy Cross identified the individual involved, who admitted improper conduct and was immediately terminated.

At Holy Cross, we place the highest priority on protecting the privacy and security of our patients, confidential information, and expect our employees to reflect our values and dedication to the well- being of our community. We pledge to remedy this situation to the best of our abilities and remain committed to cooperating with law enforcement and prosecutors.

Who is affected by this security breach?
Based on evidence collected in the investigation, while information from 38 patients was uncovered, we believe as many as 1,500 patient data sheets of Emergency Room patients may have potentially been compromised by this employee. However, since we cannot identify which files were compromised, we are taking the precaution of notifying each patient who checked into the Holy Cross Emergency Room from April 27, 2009 to September 29, 2010. We believe less than 4 percent of those being notified were actually affected by this incident, but are advising all those who receive a letter to be vigilant in monitoring their financial statements. We are also offering free credit monitoring services to these patients for their protection. To the best of our knowledge, heath care information was not misused in this incident. Patients who received treatment in other hospital departments are not part of this notification and are not affected.

What steps is Holy Cross taking to ensure that this does not happen again?
In response to this incident, the Hospital is thoroughly reviewing all of its systems, processes and policies to determine what further steps we can take to limit exposure of personal data and strengthen data security. We are already in the process of making changes to the documents involved in this situation.

How does the free credit monitoring, fraud resolution and identity theft insurance program work?
Please carefully review the letter and enclosure we sent you. It explains in detail the steps you must take to initiate the free credit monitoring offer provided by Holy Cross Hospital. This information has also been included below. If the letter was addressed to a child under age 18 who was a patient in the Emergency Room, you will need a special family credit monitoring plan, which you can obtain by calling Experian customer care at 866-252-0121.

I am wondering if I am affected, how do I know?
A letter has gone out to those who may possibly have been affected. If you do not get a letter, there is no reason for you to believe that your information is at risk due to this incident. However, if you have changed your address and think we may not have your correct contact information, please email info@holy-cross.com.

I have additional questions or concerns, to whom can I speak?
Please feel free to email info@holy-cross.com or call us at 1-800-388-4301 with any additional concerns that you may have.

Valuable Resource for Protecting Your Personal Data

Holy Cross Hospital encourages all patients to remain vigilant in safeguarding their personal information to help prevent identity theft. This page contains useful information and tips on how to protect your information. Protecting Against Identity Theft As recommended by the Federal Trade Commission, stay alert for the signs of identity theft, such as:
-Accounts you didn't open and debts on your accounts that you can't explain.
-Fraudulent or inaccurate information on your credit reports, including accounts and personal information, such as your Social Security number, address(es), name or initials, and employers.
-Failing to receive bills or other mail. Follow up with creditors if your bills don't arrive on time. A missing bill could mean an identity thief has taken over your account and changed your billing address to cover his tracks.
-Receiving credit cards for which that you didn't apply.
-Being denied credit or being offered less favorable credit terms, like a high interest rate, for no apparent reason.
-Getting calls or letters from debt collectors or businesses about merchandise or services you didn't buy.

If you suspect you have been a victim of identity theft, the Federal Trade Commission also recommends the following:
-Contact your local law enforcement agency and file a police report.
-Place a security/fraud alert or extended security/fraud alert through the credit bureaus.
-The fraud alert tells creditors to contact you before opening any new accounts or making changes to your existing accounts. Once you place the fraud alert in your file, you may order free copies of your credit reports, and if you ask, only the last four digits of your Social Security number will appear on your credit reports.
-Place a credit freeze restricting access to your credit file. This action makes it difficult for an identity thief to open a new account in your name.
-Credit freeze laws and costs differ state by state. You can find more information at http://www.consumersunion.org/campaigns/learn_more/003484indiv.html.
-Consult with your financial institution about whether to close bank or brokerage accounts immediately, or first change your passwords and have the institution monitor for possible fraud. Place passwords on any new accounts that you open. Avoid using your mother's maiden name, your birth date, the last four digits of your Social Security number or your phone number, or a series of consecutive numbers.

Monitoring Your Credit

You can get information about credit monitoring and security/fraud alert services by contacting one of the credit bureaus listed below.

Equifax 1-877-478-7625 www.equifax.com

Experian 1-888-EXPERIAN (397-3742) www.experian.com

TransUnion 1-800-680-7289 www.transunion.com

You can also obtain a free credit report once per year by visiting www.annualcreditreport.com.

When you receive your credit report, review it carefully and look for accounts you don't recognize. Look in the "inquiries" section for names of creditors from whom you haven't requested credit. Some companies bill under names other than their store names. The consumer reporting agency will be able to tell you when that is the case. Look in the "personal information" section for any inaccuracies in the information (such as your home address or Social Security number). Errors in this information may be a warning sign of possible identity theft. You should notify the consumer reporting agency of any inaccuracies in your report, whether due to error or fraud, as soon as possible so the information can be investigated and, if found to be in error, corrected. If there are accounts or charges you did not authorize, immediately notify the appropriate consumer reporting agency by telephone and in writing.

If you find items you don't understand on your report, call the consumer reporting agency at the number given on the report. The consumer reporting agency's staff will review your report with you. If the information can't be explained, then you will need to call the creditors involved. Information that can, be explained also should be reported to your local police or sheriff, office because it may signal criminal activity. Should you find any suspicious activity on your credit report or have reason to believe your information is being misused, contact your local law enforcement agency and file a police report.

Other Monitoring Activities It is recommended that individuals monitor the following:
-Explanation of Benefits form that you receive from your insurance company or health plan.
-If you suspect you have been the victim of Medicare/Medicaid fraud call 1-800-HHS-TIPS (1-800-447-8477).
-Financial accounts and billing statements to identify any charges you may not have made.

Additional Resources

Federal Trade Commission Identity Theft Clearinghouse
-Phone: 1-877-IDTHEFT (1-877-438-4338)
-Web: www.ftc.gov/bcp/edu/microsites/idtheft/
-FTC's free identity theft guide "Take Charge" www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt04.pdf

U.S. Dept. of Justice

-What you should do if you become a victim of identity theft: www.usdoj.gov/criminal/fraud/websites/idtheft.html

The President's Identity Theft Task Force
-Advice for victims of identity theft: www.idtheft.gov

Federal Agencies and Technology Industry
-Tips on online safety: www.onguardonline.gov
-ID Theft Quick Tips: www.onguardonline.gov/topics/identity-theft.aspx

How to activate your complimentary one-year credit monitoring membership from Experian
Holy Cross Hospital is committed to ensuring the security of your data. Out of an abundance of caution, in order to help you detect the possible misuse of your information, we are providing you with a free one-year membership in Triple AlertSM from ConsumerInfo.com, Inc., an Experian company, to provide you with credit monitoring and in-depth assistance with identity theft protection including identity theft insurance*. Triple Alert is completely free and enrolling in this program will not hurt your credit score.

To activate your complimentary one-year membership in Triple Alert from Experian, visit the website listed below and enter your individual activation code. If you prefer, you can enroll on the phone by speaking with Experian Customer Care representatives toll-free at (866) 252-0121.

Triple Alert Web Site: http://partner.consumerinfo.com/triple
Your Activation Code: [included in patient letters]
You Must Enroll By: February 5, 2011

As soon as you enroll in your complimentary Triple Alert membership, Experian will begin to monitor your credit reports from Experian, Equifax and TransUnion on a daily basis and notify you of key changes. This powerful tool will help you identify potentially fraudulent use of your information, and provide you with immediate assistance from a dedicated team of fraud resolution representatives should you ever need help.

Your complimentary 12-month Triple Alert membership includes:

-Daily monitoring and timely alerts of any key changes to your credit reports, so you know when there is any activity that you should be made aware of such as notification on new inquiries, newly opened accounts, delinquencies, public records or address changes.
-Toll-free access to a dedicated team of fraud resolution representatives who will help you investigate each incident; contact credit grantors to dispute charges, close accounts if need be, and compile documents; and contact all relevant government agencies.
-$25,000 in identity theft insurance coverage ($10,000 for New York state residents) with zero deductible provided by Virginia Surety Company, Inc. for certain identity theft expenses*

Activate your membership today for immediate protection at http://partner.consumerinfo.com/triple
Or call (866) 252-0121 to register with this activation code: [included in patient letters]

Once your enrollment in Triple Alert is complete, you should carefully review your credit reports for potentially inaccurate or suspicious items. If you have questions about Triple Alert, need help understanding something on your credit report or suspect that an item on your credit report may be fraudulent, please contact Experian customer care at (866) 252-0121.