Presbyterian
Data Security

Notification of Data Security Incidents

Presbyterian Healthcare Services Reports Patient Information Incident

Presbyterian Healthcare Services ("Presbyterian") announced on October 14 that it began mailing letters to some of its patients regarding recent unauthorized access to a workforce member email account containing patient information.

On July 8, 2022, Presbyterian discovered an unidentified third party gained access to the email account of a Presbyterian workforce member. Presbyterian believes that the unauthorized access to the email account was part of a scam or deceptive email trying to obtain information, known as "phishing." The unauthorized access was limited to one workforce member’s email account – there was no access to the Presbyterian health record system or financial/credit card account information. Presbyterian immediately secured the email account and began an investigation, which determined that the unauthorized access to the email account occurred intermittently between March 21 and July 8, 2022.

Presbyterian is conducting a thorough review of the impacted Presbyterian email account to identify patients that may be affected. Based on the review to date, the email account contains patients’ names and one or more of the following: date of birth, Social Security number, medical record number, health insurance information, and/or limited clinical information related to billing (such as diagnosis codes and treatment information. Presbyterian is continuing to review the contents of the impacted email account and will notify any additional affected patients once that review is complete.

Presbyterian has begun mailing letters to the identified patients while it continues its review, and has also established a dedicated, toll-free call center to answer questions for those affected. Presbyterian recommends that affected individuals review the statements they receive from their health plan and health care provider(s). If there are services that the individual did not receive, they should contact the health plan or provider(s) immediately. For those individuals whose Social Security numbers were included, Presbyterian is offering free credit monitoring and identity protection services. If patients believe they are affected or have questions, please call 

, Monday through Friday, 7 a.m. to 7 p.m. Mountain Time.

Presbyterian takes the responsibility of safeguarding patient information very seriously and will continue to take steps to help prevent something like this from happening again, including continuing comprehensive training for staff and implementation of security enhancements to the email system.

Presbyterian encourages patients affected by this incident to call 

 or go to https://app.idx.us/account-creation/protect.