SAN ANTONIO – After an internal review, Baptist Medical Center in San Antonio and Resolute Health Hospital in New Braunfels reported a cybersecurity incident involving personal information regarding services people may have received at one of their locations.
Officials say they learned on April 20 that certain systems within their network might have been infected with malicious code due to potentially unauthorized activity.
The health system immediately suspended user access to impacted information technology applications, executed extensive cybersecurity protection protocols, and restricted further unauthorized activity.
Officials said the unauthorized third party gained access to certain systems that had personal information and removed some data from the network between March 31 and April 24. The demographic information to identify and contact a patient may have included one or more of the following:
- full name, date of birth, and address
- Social Security number
- health insurance information, such as the name of insurer/government payor and the policy and/or group number
- medical information, such as medical record numbers, dates of service, provider and facility names, chief complaint or reason for a visit, and other visit procedure and diagnosis information
- billing and claims information, such as account and claim status, billing and diagnostic codes, and payor information
Officials said driver’s licenses, credit and debit card numbers, bank account information, and account passwords were not involved in the cybersecurity breach.
“As soon as the incident was discovered, a forensic investigation was immediately launched, law enforcement was contacted, and steps were taken to mitigate and remediate the incident and to help prevent further unauthorized activity,” stated a news release from Baptist Medical Center and Resolute Health Hospital.
Officials said security and monitoring capabilities are being enhanced, and systems are being hardened to minimize the risk of future breaches.
Affected patients are encouraged to carefully review their health care statements to ensure all account activity is valid.
Anyone with questions about the breach is asked to call 1-833-423-2986 between 9 a.m. and 9 p.m. ET Monday through Friday.
Click here to learn more about the cybersecurity incident.