At Presbyterian, we are committed to protecting the privacy of our patients and members.
Presbyterian Health Plan Announces Misdirected Mailing
Presbyterian Health Plan (Presbyterian) announced today that it began mailing letters to some of its health plan members regarding a misdirected mailing that occurred on October 1, 2020. At that time, we discovered that a letter had been sent to some members under their name but with a different member’s address.
The letter contained member names, reminders about recommended health screenings for managing their health care treatment, and contact information for care coordination. The mailing did not involve Social Security numbers, financial or credit card information, or any information contained in medical systems or any other health information. Presbyterian is not aware of any improper or attempted use or disclosure of health screening information.
Presbyterian recommends that potentially affected individuals review the statements they receive from their health plan and health care provider(s). If there are services that the individual did not receive, they should contact the health plan or provider(s) immediately. For any additional questions, any potentially affected individuals can call
1-833-905-3234, Monday through Friday, 7 a.m. to 7 p.m. Mountain Time.
Protecting the privacy, security, and confidentiality of every individual’s health information is Presbyterian’s top priority. Presbyterian has taken corrective action to prevent any recurrence and to ensure that this type of misdirected mailing error does not occur in the future.
Blackbaud Data Security Incident
Presbyterian Healthcare Foundation recently learned that Blackbaud, a third-party service vendor used for fundraising and alumni or donor engagement efforts at non-profits and universities worldwide, was the subject of a data security incident. This was a wide-reaching security event that involved the data of many Blackbaud clients around the world.
Blackbaud is a vendor that provides the Foundation with cloud-based and data solution services related to donors and fundraising. On August 5, 2020, Blackbaud informed the Foundation that it discovered that an unauthorized individual gained access to Blackbaud’s systems between February 7, 2020 and May 20, 2020. Once the Foundation learned of the incident, immediate steps were taken to understand the extent of the incident and the data involved.
Based on information provided by Blackbaud, this incident did
not involve social security numbers, financial or credit card account information, or any access to medical systems or electronic health information. The information in Blackbaud’s database that was acquired may have included an individual’s name, date of birth, date(s) of treatment, facility, department(s) of service, treating physician, employer, emergency contact and/or medical record number.
According to Blackbaud, there is no evidence to believe that any data has been or will be misused, disseminated or otherwise made publicly available.
The Foundation established a dedicated call center to answer questions for those potentially affected. The Foundation recommends that potentially affected individuals review the statements they receive from their health plan and health care provider(s). If there are services that the individual did not receive, they should contact the health plan or provider(s) immediately. For any additional questions, any potentially affected individuals can call
1-833-909-2917 Monday through Friday, 7 a.m. to 7 p.m. Mountain Time.
The Foundation takes the security of donor, patient and member information very seriously. To help prevent something like this from happening again, the Foundation is examining their relationship with Blackbaud and evaluating Blackbaud’s technical safeguards.
We encourage individuals potentially affected by this incident to contact
On June 6, 2019, Presbyterian discovered anonymous, unauthorized access was gained through a deceptive email to some of Presbyterian’s workforce members sometime around May 9, 2019. Presbyterian believes that the unauthorized access to these email accounts was part of a “phishing” scam trying to get information. These email accounts included patient and/or health plan member names and might have contained dates of birth, Social Security numbers and clinical and/or health plan information. Once Presbyterian became aware of this incident, it secured these email accounts, began a thorough review of the impacted emails and alerted federal law enforcement.
We are very sorry that unauthorized access to some of the workforce members’ emails occurred. We are not aware of any improper use, or attempted use of your information, but we believe it is important to notify you of this incident. This did not affect our electronic health records or billing systems.
We take the responsibility of safeguarding your information very seriously. To help prevent this incident from happening again, Presbyterian is taking several steps and implementing additional security measures to further protect our email system. In addition, all workforce members annually must successfully complete mandatory training about the importance and requirement to safeguard all information. In particular, workforce members have received, and will continue to receive, reminders about safeguarding information stored electronically and how to avoid phishing scams.
We recommend that you review the statements that you receive from your health plan or your health care providers regarding your health care services. If you see any service that you believe you did not receive, please contact the health plan or provider immediately. We want to assure you that Presbyterian is committed to protecting the privacy and confidentiality of every individual’s information.
If you have any questions, please call
1-833-297-6405, Monday through Friday, 7:00 a.m. to 7:00 p.m. Mountain Time.
Aviso de Incidente de Seguridad de Datos
Update on Previously Announced Personally Identifiable Information Incident
Presbyterian mailed additional letters to some individual providers in the Presbyterian Health Plan network, including Presbyterian-employed providers, regarding the previously announced phishing incident.
On July 31, 2019, Presbyterian learned that an unauthorized person may have accessed some employee email accounts through a “phishing” scam. Once Presbyterian became aware of this incident, it secured the affected email accounts and alerted federal law enforcement. At least one of these email accounts contained provider names and Social Security numbers.
While Presbyterian’s investigation remains ongoing at this time, there is no evidence indicating that any of the providers’ information was downloaded or used in any way.
Presbyterian is offering providers complimentary credit monitoring. Presbyterian also established a dedicated call center to answer questions for those affected by this incident.
To help prevent this type of incident from happening again, Presbyterian has implemented additional security measures to further protect our email system. In addition, all employees complete annual training related to protecting all information.
Presbyterian regrets that this incident occurred and has services and support in place to help affected individuals. Providers who have questions can call
1-833-959-1350, Monday through Friday, 7 a.m. to 7 p.m. Mountain time. If you are a provider and believe you may have been affected, but did not receive a letter, please contact the call center to verify information.