Privileged & Confidential
Substitute Notice
February 4, 2022

 

NOTICE OF SECURITY INCIDENT

South Shore Hospital (SSH) values the privacy and confidentiality of all patient data within its control. Regrettably, this notice is to inform you about a data security incident that may have impacted your Protected Health Information (PHI). If you are currently, or were at some time in the past, a patient or employee of SSH, this notice of data security incident may apply to you. SSH sincerely apologizes for any concern this may cause you.

 

What happened?

On Friday, December 10, 2021, SSH became aware of unauthorized activity on its network. Upon discovery, SSH quickly activated its emergency operating protocols to continue providing safe patient- and family-centered care to those who need it. As part of its response process, SSH hired independent computer forensic experts to investigate and determine what information may be at risk. Law enforcement was contacted, and SSH intends to cooperate with any investigation into this matter. 

 

What information was involved?

The investigation determined that the files impacted may have contained first and last names, addresses, dates of birth, Social Security numbers, financial information, health insurance information, medical information, diagnoses, health insurance policy numbers, and Medicare/Medicaid information for SSH patients and employees. 

 

What are we doing? 

To help reduce the risk of something like this happening again, we are implementing additional security controls to protect our network. These steps include enforcing stronger password requirements, enabling multifactor authentication, and additional data privacy and security awareness training for SSH’s workforce.  We have also deployed supplementary anti-malware and email phishing tools and will continue to evaluate our security protocols for opportunities to further bolster our network security. 

As a safeguard, we are also offering identity theft protection services through IDX, a data breach and recovery services expert, at no charge to SSH patients affected. These services include 12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services.  

 

What can you do?

It is always a good idea to carefully monitor your bank account and other financial statements and immediately contact your financial institution if you identify any suspicious activity. We recommend that you keep an eye on your benefits statement and report any unusual activity. We also encourage you to take full advantage of IDX’s service offering by calling 1-833-783-1445 or going to https://app.idx.us/account-creation/protect to enroll in identity protection services.

To learn if you were affected by this incident, please call 1-833-783-1445 Monday through Friday from 8 am – 8 pm central time.  

 

For more information

Please call 1-833-783-1445 Monday through Friday from 8 am –8 pm central time if you have any questions or concerns. Your trust is our top priority, and we sincerely apologize for any inconvenience or concern that this matter may cause you. 

 

Individuals can also contact the Federal Trade Commission at 600 Pennsylvania Avenue NW, Washington, D.C. 20580, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261 or visit www.ftc.gov/idtheft/ for more information on protecting their identity.