ATTENTION: LSU HCSD is issuing a follow-up to its original press release sent out November 20, 2020. The breach now also involves patient information from its partner hospital, UMC-NO.
On November 20, 2020, LSU Health New Orleans Health Care Services Division (LSU HCSD) notified the public of a data breach through an employee’s email account.
LSU HCSD has since become aware that the employee’s electronic mailbox also included information from its partner hospital, University Medical Center- New Orleans (UMC-NO.)
UMC-NO was notified by LSU HCSD of the possibility that some of its patients’ protected information may have been accessible to the cyber intruder. UMC-NO is in the process of conducting its own investigation and discovery.
The intrusion appears to have occurred on September 15, 2020, and the mailbox access was discovered and disabled on September 18, 2020. The Health Care Services Division is not aware that the intruder actually accessed or misused the patient information in the employee’s mailbox.
The type and amount of patient information varied with each email message but may have included: patients’ names; medical record numbers; account numbers; dates of birth; Social Security numbers; dates of service; types of services received; phone numbers; and/or addresses; and insurance identification numbers. A few contained a patient’s bank account number and health information including a diagnosis. In most instances, there was limited information in the email or attachment, meaning that just a few of these identifiers were contained in the email.
Out of an abundance of caution, patients who received care at UMC-NO are encouraged to monitor their credit reports for potential identity theft. The website www.identitytheft.gov provides a step-by-step process to respond to, and recover from, incidents of identity theft.
Any questions concerning this matter should be directed to UMC-NO at 1-800-872-4923, Monday through Friday from 8:00 a.m. to 5:00 p.m.