June 23, 2021
Dear Patient Family,
We are posting this notice to to let you know about a data security incident affecting the Mississippi Center for Advanced Medicine internal server. MCAM was the victim of a ransomware demand in December of 2020. MCAM promptly retained an information technology consulting company to determine whether a breach had occurred, and if so, the identity of the files that may have been accessed by it. On April 26, 2021, the company notified MCAM the data security incident affected our internal server. This server contains documentation related to our programs and services and some of the information contained in files on the server was related to MCAM patients and contained potentially identifiable health information. All of the affected files have been fully secured and we are working diligently through the notification process.
Below is more detailed information about this incident and whom to contact should you have questions or concerns.
MCAM was recently the victim of a ransomware attack, which is a type of data security incident that has grown exponentially over the last year globally. MCAM promptly retained an information technology consulting company to determine whether a breach had in fact occurred, and if so, the identity of the files that may have been accessed by it. On April 26, 2021, the company notified MCAM the data security incident affected our internal server. This server contains documentation related to our programs and services. Some of the information contained in files on the server was related to MCAM patients and potentially identifiable health information. We took immediate action upon learning of the incident and the files have been fully secured on our side.
Our investigation into the scope of the incident is ongoing. However, we believe impacted information may include all, or a subset of, the following: certain names, email addresses, phone numbers, home addresses, dates of birth, Social Security numbers, information to process insurance claims, prescription information such as prescription number, prescribing doctor, medication names and dates, medical history, as well as certain clinical services, such as whether an influenza test had been ordered. Please note that your electronic health record information was not compromised, and no credit or debit card information or other financial information was impacted.
The safety of your personal information is of upmost importance to us. Since learning our internal server was affected, we have dedicated personnel to investigating each and every file that may have been accessed in order to identify precisely the types of information that may have been accessed and the identity of the persons whose information may have been accessed. Our server was secured by a network security company and this breach occurred despite the fact MCAM had in place security measures that were industry standard at the time. Since the incident, we have instituted additional security measures including enhanced user authentication, as well as adding more instrusion detection and monitoring capability.
What You Can Do
We encourage all MCAM patient families to actively monitor your personal information and immediately report any fraudlent activity to the proper authorities. If you desire, there are credit monitoring services and fraud alerts available online. We do want to reiterate that we have no reason to believe that your information will be used by the ransomware attackers but we want to make sure that each of you know of our response to the incident. We would also encourage you to avoid clicking on links, downloading attachments from suspicious emails, and to be cautious of any unsolicited communications that ask for your personal information.
MCAM holds the personal information for patient families in the highest regard and we regret this matter occurred. Our patients will always come first and we are confident in our approach in protecting your information moving forward. Please contact our office with any additional questions at (601) 499-0935 or toll free at 1-877-261-2859.