UT Health Tyler announces some patients’ Social Security numbers, contact information accessed during November ransomware incident | #ransomware | #cybercrime

TYLER, Texas — Ardent Health Services, on behalf of UT Health Tyler, is notifying certain individuals regarding personal information involved in a recent cybersecurity incident.

According to Ardent, on Nov. 23, 2023, a ransomware incident was discovered that impacted its network. 

“Upon learning of the situation, Ardent immediately notified law enforcement, initiated its incident response plan, launched an investigation into the incident with the assistance of an outside cybersecurity firm, and began employing containment measures,” Ardent said. “Shortly thereafter, Ardent successfully terminated the unauthorized access.”

Ardent says they recently learned an unauthorized third party extracted copies of documents that include the following personal information:

  • Patient contact information (e.g., address, phone number, email address)
  • Social Security numbers
  • Medical treatment information (e.g., providers, dates of service, diagnoses, prescriptions)
  • Health insurance and claims information
  • Medicaid/Medicare numbers

“At this time, Ardent has no indication that this information has been misused,” the company said. 

Ardent says they have started mailing letters to those whose information may have been involved. 

“The data review process is ongoing and will take time to complete, and as Ardent identifies additional impacted individuals, it will mail letters to them in accordance with all applicable laws,” Ardent said. “All individuals whose personal information was impacted are eligible to enroll in credit monitoring and fraud-protection services through TransUnion for one year at no cost. Ardent has set up a dedicated, toll-free call center to support individuals with questions about the incident. Beginning on Tuesday, January 23, the call center can be reached at 1-833-961-7634, Monday through Friday, between 7 a.m. and 7 p.m. Central Time, excluding U.S. holidays.”

Source link

National Cyber Security